Some things that I have noted in this and other VPN vrfs docs are: If the VPN interface is a VRF interface, then isakmp key should be vrf key meaning, there should be keyring associated to the ISAKMP profile attached to the crypto map.
If the VPN interface is not VRF interface, then the route configured remote proxies should have the global keyword. With regards Kings On Fri, Apr 16, 2010 at 9:53 PM, Brandon Carroll <[email protected]>wrote: > I'm assuming you're using this document: > > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ft_vrfip.htm > > It shows the VRF applied to the interface as well as some examples with > isakmp profiles. > > > Regards, > > Brandon Carroll - CCIE #23837 > Senior Technical Instructor - IPexpert > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > On Apr 16, 2010, at 3:33 AM, Badar Farooq wrote: > > I am trying to establish a VRF aware ipsec tunnel using VTI. > I have tried a million permutations and nothing seems to work. For > starters, when I associate the isakmp profile with the vrf and then attach > it to ipsec profile, when i apply tunnel protection I get the message > > > ISAKMP Profile attached to IPSec Profile 'ipsec-prof' has vrf configured. > Please remove vrf from ISAKMP Profile and reapply tunnel protection. > > But this appears to be dependent on version. > > I have tried putting source of the tunnel in the same VRF, different/no > VRF, tunnel VRF command, and everything else I can think of... > > Can somebody create and send a working config for this simple scenario > > R1 (f0/0)--------------(f0/0)R2 and we need to encrypt traffic between > their loopbacks 1.1.1.1 and 2.2.2.2 using vrf aware ipsec and VTI > > > Regards > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
