Advice about use of FWSM, SPA VPN IPsec & CCA mode

Unanswered Question
Aug 27th, 2008
I didn't find a lot of information, documentation or knowledge about integration of FWSM, SPA VPN IPsec with CCA mode.

The FWSM will be directly connected with a public address and translate to a private address with NAT.

My IPsec VPN will be terminated after the FWSM.

I need to use global VRF and IVRF (which is why I need to use CCA mode).

Different clients go to different VRFs.

Configuration like this:

Vlan 10 -- FWSM context -- vlan 11 outside ipsec - SPA card - vlan 100/VRF customer1 --
                                                            - vlan 200/VRF customer2 --

ip vrf customer1
 rd 100:1

ip vrf customer2
 rd 200:2

crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share

crypto keyring customer1-key
 pre-shared-key address 2.0.0.1 key 12345

crypto keyring customer2-key
 pre-shared-key address 2.0.0.2 key 12345

crypto ipsec transform-set strong esp-aes 256 esp-sha-hmac

crypto engine mode vrf

crypto isakmp profile customer1
 vrf customer1
 keyring customer1-key
 match identity address 2.0.0.1 255.255.255.255

crypto isakmp profile customer2
 vrf customer2
 keyring customer2-key
 match identity address 2.0.0.2 255.255.255.255

crypto map cm local-address vlan 11

crypto map cm1 10 ipsec-isakmp
 set peer 2.0.0.1
 set transform-set strong
 set isakmp-profile customer1
 match address acl customer1

crypto map cm2 20 ipsec-isakmp
 set peer 2.0.0.2
 set transform-set strong
 set isakmp-profile customer2
 match address acl customer2

interface vlan 100
 ip vrf forwarding customer1
 ip address 10.1.1.1 255.255.255.0
 crypto engine subslot 1/0 inside
 crypto map cm1

interface vlan 200
 ip vrf forwarding customer2
 ip address 10.2.2.1 255.255.255.0
 crypto engine subslot 1/0 inside
 crypto map cm2

interface vlan11
 ip address 10.0.0.2 255.255.255.252
 crypto engine subslot 1/0 outside

Regards
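
An added example, not part of the original post and not Cisco tooling: a small Python check for a configuration like the one posted, reporting names that are referenced but never defined, a DES/3DES IKE policy cipher, and a pre-shared key used by more than one keyring. The sample input is constructed from a condensed copy of the posted configuration; the function name `audit`, the finding strings and the regexes (which cover only the command forms seen in the post) are assumptions of this example.

```python
import re
# Constructed input: the posted configuration cut down to customer1's chain,
# both keyrings, the IKE policy cipher and the local-address line.
SAMPLE = """
ip vrf customer1
crypto isakmp policy 10
 encr 3des
crypto keyring customer1-key
 pre-shared-key address 2.0.0.1 key 12345
crypto keyring customer2-key
 pre-shared-key address 2.0.0.2 key 12345
crypto isakmp profile customer1
 vrf customer1
 keyring customer1-key
crypto map cm local-address vlan 11
crypto map cm1 10 ipsec-isakmp
 set isakmp-profile customer1
interface vlan 100
 ip vrf forwarding customer1
 crypto map cm1
"""

DEFS = {"vrf": r"ip vrf (\S+)$", "keyring": r"crypto keyring (\S+)$",
        "profile": r"crypto isakmp profile (\S+)$",
        "map": r"crypto map (\S+) \d+ ipsec-isakmp$"}
REFS = {"vrf": r"(?:ip vrf forwarding|vrf) (\S+)$", "keyring": r"keyring (\S+)$",
        "profile": r"set isakmp-profile (\S+)$",
        "map": r"crypto map (\S+)(?: local-address .+)?$"}

def audit(config):
    """Return findings: dangling names, legacy IKE cipher, reused PSKs."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    defined = {k: {m[1] for l in lines if (m := re.match(p, l))}
               for k, p in DEFS.items()}
    findings, psk_users, keyring = [], {}, None
    for l in lines:
        for kind, pat in REFS.items():
            if (m := re.match(pat, l)) and m[1] not in defined[kind]:
                findings.append(f"undefined {kind}: {m[1]}")
        if m := re.match(DEFS["keyring"], l):
            keyring = m[1]  # pre-shared-key lines that follow belong to it
        elif m := re.match(r"pre-shared-key address \S+ key (\S+)$", l):
            psk_users.setdefault(m[1], set()).add(keyring)
        elif re.match(r"encr (3des|des)$", l):
            findings.append(f"legacy IKE cipher: {l}")
    # Report the keyring names that share a key, never the key itself.
    shared = [", ".join(sorted(u)) for u in psk_users.values() if len(u) > 1]
    return findings + [f"shared pre-shared key: {s}" for s in shared]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```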
