The interface is suppose to be part of VRF and thus it is being configured. The corresponding topology is given below. You can see that VPN peers are connected through a VRF not global routing.
VRF Cust -------- R1 ------------ Internet VRF ---------------- R2 If you don't have the "ip vrf forwarding internet-vrf" configured for the interface, then the topology will be as following. VRF Cust -------- R1 ------------ Global routing ---------------- R2 With regards Kings On Tue, Sep 20, 2011 at 9:35 AM, Adil Pasha <[email protected]> wrote: > > https://supportforums.cisco.com/docs/DOC-13524 > > The question is for any IPSec VRF-AWARE guru. > > Why did the writer of the above article applied "ip vrf forwarding > internet-vrf" on the interface with "crypto map"? > > I have not seen any example with this kind of configuration and my tunnel > is not coming up. > > interface GigabitEthernet0/0 > description internet WAN link > ip vrf forwarding internet-vrf > ip address 10.1.1.3 255.255.255.224 > crypto map mymap > ! > > > Cisco's document show the above interface without "ip vrf" command. Just > the crypto map applied to it. > > > http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_vrf_aware_ipsec_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1055196 > > > > > Best Regards. > ______________________ > Adil > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
