LANtoLAN IPSec + PBR + DVTI

Unanswered Question
Aug 17th, 2009

Hello,

I need to clarify some things about routing with DVTI on the Cisco 1801. I have a VirtualTemplate interface associated with a Dialer interface:

interface Virtual-Template1 type tunnel
 ip unnumbered Dialer0
 tunnel source Dialer0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI_Profile

crypto isakmp profile VTI_Profile
 keyring TEST
 match identity address 1.2.3.4 255.255.255.255
 client configuration address respond
 keepalive 3600 retry 60
 virtual-template 1
 local-address Dialer0

Gateway of last resort is not set. I have PBR for incoming IPSec connections:

ip local policy route-map LOCAL

route-map LOCAL permit 10
 match ip address 150
 set interface Dialer0

route-map LOCAL permit 20
 match ip address 152
 set global

access-list 150 permit ip host 5.6.7.8 any
access-list 152 permit ip any any

After the IPSec tunnel is established, the new interface VirtualAccess1 appears and a route to the remote LAN is added to the global routing table:

S 192.168.40.0/24 [1/0] via 1.2.3.4, Virtual-Access1

Ping from the local LAN to the remote LAN does not work until I add the default gateway. Is there a route lookup after packets pass through the VirtualAccess interface?

aleksei.timofeyev Tue, 08/25/2009 - 20:00

Hi,

Could you look at Figure 3 at the URL you specified? If I configure different PBRs for the inside interface, the outside interface and the VTI, in what sequence will they be looked up?

regards,

Aleksei
