LANtoLAN IPSec + PBR + DVTI

Unanswered Question
Aug 17th, 2009

Hello,

I need to clarify some things about routing with DVTI on the Cisco 1801. I have a VirtualTemplate interface associated with a Dialer interface:


interface Virtual-Template1 type tunnel
 ip unnumbered Dialer0
 tunnel source Dialer0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI_Profile

crypto isakmp profile VTI_Profile
 keyring TEST
 match identity address 1.2.3.4 255.255.255.255
 client configuration address respond
 keepalive 3600 retry 60
 virtual-template 1
 local-address Dialer0


Gateway of last resort is not set. I have PBR for incoming IPSec connections:


ip local policy route-map LOCAL

route-map LOCAL permit 10
 match ip address 150
 set interface Dialer0

route-map LOCAL permit 20
 match ip address 152
 set global

access-list 150 permit ip host 5.6.7.8 any
access-list 152 permit ip any any


After the IPSec tunnel is established, the new interface VirtualAccess1 appears and a route to the remote LAN is added to the global route table:


S 192.168.40.0/24 [1/0] via 1.2.3.4, Virtual-Access1


The ping from the local LAN to the remote LAN does not work until I add the default gateway. Is there a route lookup action after packets pass through the VirtualAccess interface?

aleksei.timofeyev Tue, 08/25/2009 - 20:00

Hi,


Could you look at Figure 3 at the URL you specified? If I configure different PBRs for the inside interface, the outside interface and the VTI, in what sequence will they be looked up?


regards,

Aleksei
