04-14-2008 12:02 PM - edited 02-21-2020 03:40 PM
Hi,
There are nice documents for VRF-aware IPsec configurations with "classic" crypto maps...
and also for tunnel mode IPsec configurations, but with the tunnel peers in the global routing table...
I need a combination:
a GRE tunnel interface with IPsec encryption where both the tunnel peers (source/destination) and the encrypted traffic are within the same VRF.
In most samples the tunnel is set up over the global routing instance and just the encrypted traffic is in a VRF...
Any clues if this works / is supported?
Thanks in advance
herwig
04-15-2008 01:35 AM
Does anyone know if tunnel peers can be in the same VRF as the encrypted traffic?
Thanks,
herwig
04-22-2008 05:57 AM
Just in case one of you needs this info...
It's possible to have the tunnel peers inside the same VRF together with the tunneled traffic itself:
crypto keyring KEYRING vrf XYZ
 pre-shared-key address 172.26.1.69 key cisco
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 5
crypto isakmp profile IKE_PROFILE
 keyring KEYRING
 match identity address 172.26.1.69 255.255.255.255 XYZ
crypto ipsec transform-set TSET esp-aes 256 esp-sha-hmac
!
crypto ipsec profile PROFILE
 set transform-set TSET
interface Tunnel1
 ip vrf forwarding XYZ
 ip address 172.20.107.145 255.255.255.252
 tunnel source Loopback2
 tunnel destination 172.26.1.81
 tunnel mode ipsec ipv4
 tunnel vrf XYZ
 tunnel protection ipsec profile PROFILE shared
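
An added example, not part of the original post and not Cisco tooling: a Python check that a running-config keeps the layout described above, i.e. the tunnel's "ip vrf forwarding" and "tunnel vrf" name the same VRF and the keyring and ISAKMP profile are bound to that VRF. The sample config is constructed from the post (key replaced by a placeholder), the function names are hypothetical, and the check assumes indented "show running-config" output.

```python
import re
# Constructed sample mirroring the posted config; the key is a placeholder.
SAMPLE = """\
crypto keyring KEYRING vrf XYZ
 pre-shared-key address 172.26.1.69 key PLACEHOLDER
crypto isakmp profile IKE_PROFILE
 keyring KEYRING
 match identity address 172.26.1.69 255.255.255.255 XYZ
interface Tunnel1
 ip vrf forwarding XYZ
 tunnel vrf XYZ
 tunnel protection ipsec profile PROFILE shared
"""
IPV4 = re.compile(r"\d+(\.\d+){3}$")

def sections(config):
    """Group indented IOS config into {top-level line: [sub-commands]}."""
    out, head = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            head = line.strip()
            out[head] = []
        elif head:
            out[head].append(line.strip())
    return out

def value(subs, prefix):
    # First word after `prefix` among the sub-commands; None means global table.
    return next((s[len(prefix):].split()[0] for s in subs if s.startswith(prefix)), None)

def audit(config):
    """List where a protected tunnel departs from the same-VRF layout in the post."""
    secs = sections(config)
    keyring_vrfs = {m.group(1) for h in secs
                    if (m := re.match(r"crypto keyring \S+(?: vrf (\S+))?$", h))}
    match_vrfs = {next((t for t in s.split()[3:] if not IPV4.match(t)), None)
                  for h, subs in secs.items() if h.startswith("crypto isakmp profile ")
                  for s in subs if s.startswith("match identity address ")}
    findings = []
    for h, subs in secs.items():
        if h.startswith("interface Tunnel") and value(subs, "tunnel protection ipsec "):
            ivrf, fvrf = value(subs, "ip vrf forwarding "), value(subs, "tunnel vrf ")
            checks = [(ivrf != fvrf, f"payload VRF {ivrf} differs from tunnel VRF {fvrf}"),
                      (fvrf not in keyring_vrfs, f"no keyring bound to tunnel VRF {fvrf}"),
                      (match_vrfs and fvrf not in match_vrfs, f"no ISAKMP profile match in VRF {fvrf}")]
            findings += [f"{h}: {msg}" for bad, msg in checks if bad]
    return findings
```

A VRF reported as None means the global routing table, which is the layout the first post says most samples use for the tunnel peers.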