guys I got it to work But I had to define a key in global config and go without keyring when using VTI.
I am still investigating more and will let you all know if i find something interesting Regards On Fri, Apr 16, 2010 at 8:33 PM, Kingsley Charles < [email protected]> wrote: > Some things that I have noted in this and other VPN vrfs docs are: > > If the VPN interface is a VRF interface, then isakmp key should be vrf key > meaning, there should be keyring associated to the ISAKMP profile attached > to the crypto map. > > If the VPN interface is not VRF interface, then the route configured remote > proxies should have the global keyword. > > > > > With regards > Kings > > On Fri, Apr 16, 2010 at 9:53 PM, Brandon Carroll <[email protected]>wrote: > >> I'm assuming you're using this document: >> >> >> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ft_vrfip.htm >> >> It shows the VRF applied to the interface as well as some examples with >> isakmp profiles. >> >> >> Regards, >> >> Brandon Carroll - CCIE #23837 >> Senior Technical Instructor - IPexpert >> Mailto: [email protected] >> Telephone: +1.810.326.1444 >> Live Assistance, Please visit: www.ipexpert.com/chat >> eFax: +1.810.454.0130 >> >> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >> training locations throughout the United States, Europe, South Asia and >> Australia. Be sure to visit our online communities at >> www.ipexpert.com/communities and our public website at www.ipexpert.com >> >> >> >> On Apr 16, 2010, at 3:33 AM, Badar Farooq wrote: >> >> I am trying to establish a VRF aware ipsec tunnel using VTI. >> I have tried a million permutations and nothing seems to work. For >> starters, when I associate the isakmp profile with the vrf and then attach >> it to ipsec profile, when i apply tunnel protection I get the message >> >> >> ISAKMP Profile attached to IPSec Profile 'ipsec-prof' has vrf configured. >> Please remove vrf from ISAKMP Profile and reapply tunnel protection. >> >> But this appears to be dependent on version. >> >> I have tried putting source of the tunnel in the same VRF, different/no >> VRF, tunnel VRF command, and everything else I can think of... >> >> Can somebody create and send a working config for this simple scenario >> >> R1 (f0/0)--------------(f0/0)R2 and we need to encrypt traffic between >> their loopbacks 1.1.1.1 and 2.2.2.2 using vrf aware ipsec and VTI >> >> >> Regards >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
