Martin,
What do you want to "virtualize"? Are local or remote subnets overlapping?
Taking a look at your config:
--------
crypto keyring KUNDE1 vrf KUNDE1
pre-shared-key address 150.1.11.17 key vpn-kodeord
crypto isakmp profile KUNDE1
vrf KUNDE1
keyring KUNDE1
self-identity address
match identity address 150.1.11.17 255.255.255.255 KUNDE1
----------
You're expecting both Inside and Frond VRF to be Kunde1. Ie encapsulated packets should be received on VRF KUNDE1 and also be decapsulated there.
If there is only one overlapp we either:
- Use VRFs (if multiple local subnets are shared), if it's Intenet deployment you use only one Frond VRF.
- NAT if muliple remote subnets are shared (note that NAT is done before encryption)
What kind of deployment did you have in mind
Marcin