On Wed, 2011-10-26 at 11:29 -0200, Persio Pucci wrote: > Here is the rundown on the configs (again, my side but I assume the other > side is fine and there's not much on the tunnel cfg to be wrong). IPs > removed to protect the innocent. ... > interface Loopback100 > description LOOPBACK GRE > ip vrf forwarding CUSTOMER > ip address y.y.y.y 255.255.255.255 > ! > interface Tunnel100 > ip vrf forwarding CUSTOMER > ip address z.z.z.z 255.255.255.252 > ip pim sparse-mode > ip virtual-reassembly > load-interval 30 > keepalive 10 3 > tunnel source Loopback100 > tunnel destination d.d.d.d
I would think that you need "tunnel vrf CUSTOMER" here since Lo100 is actually in that VRF. I'm not at all sure that this is the problem, but it's worth a try. We use it on NPE-G1 12.4(25e). > crypto map CUSTOMER_CERT > ! The crypto map on the tunnel interface? Should it not just appear on the physical interface? I decided to use "tunnel protection" instead of crypto maps, example here: http://www.gossamer-threads.com/lists/cisco/nsp/127635#127635 -- Peter _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
