09-20-2010 11:24 AM - edited 02-21-2020 04:51 PM
Hi All
Has anyone managed to set up GETVPN on a CE router with VRF Lite?
I'm using 2821s (12(24)T4) in a test lab to test the functionality of GETVPN before I deploy on a production network. The GETVPN configuration works fine if the routing is in the global table, but once the config is moved to a VRF the GMs will not register. The KS is only using the global routing table as it is not VRF aware.
The MPLS core and CE to KS connectivity is working fine. Does anyone have a working configuration?
Thanks
Mark
09-20-2010 12:48 PM
Mark,
If I understand what you're going after you need 15.0(1)M minimum.
Hope this helps.
Marcin
09-21-2010 05:30 AM
Hi Marcin
Thanks for the speedy response to my question. I'm not necessarily looking to split the data and control traffic but merely trying to configure GETVPN on a VRF interface. I have CE routers which have multiple VRFs (Customer data, Management) and now internet, and I want to encrypt the new internet VRF. I have followed the design guide and I'm using the recommended versions.
I will try ver 15 and see what functionality that gives me.
Do you have a working configuration that you can share?
Thanks
Mark
09-21-2010 07:05 AM
Mark,
There is this example from a colleague of mine. Note it is using client registration interface (it's on 15.0).
If time allows I will also check in my lab.
Hope this helps.
Marcin
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key cisco123 address 1.1.1.1
!
!
crypto gdoi group getvpn_group
identity number 1
server address ipv4 1.1.1.1
client registration interface Ethernet0/0
!
crypto gdoi group getvpn_group2
identity number 2
server address ipv4 1.1.1.1
client registration interface Ethernet0/0
!
crypto gdoi group getvpn_group3
identity number 3
server address ipv4 1.1.1.1
client registration interface Ethernet0/0
!
!
crypto map client1 10 gdoi
set group getvpn_group
!
crypto map client2 10 gdoi
set group getvpn_group2
!
crypto map client3 10 gdoi
set group getvpn_group3
!
!
!
!
!
interface Loopback10
ip vrf forwarding client1
ip address 10.10.10.1 255.255.255.0
!
!
interface Loopback20
ip vrf forwarding client2
ip address 10.10.10.1 255.255.255.0
!
!
interface Loopback30
ip vrf forwarding client3
ip address 10.0.10.1 255.255.255.0
!
!
interface Ethernet0/0
ip address 10.10.20.1 255.255.255.248
!
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip vrf forwarding client1
ip address 192.168.1.1 255.255.255.248
crypto map client1
!
interface Ethernet0/0.20
encapsulation dot1Q 20
ip vrf forwarding client2
ip address 192.168.1.1 255.255.255.248
crypto map client2
!
interface Ethernet0/0.30
encapsulation dot1Q 30
ip vrf forwarding client3
ip address 192.168.10.1 255.255.255.248
crypto map client3
!
!
router eigrp 100
!
address-family ipv4 vrf client1 autonomous-system 100
network 10.0.0.0
network 192.168.0.0 0.0.255.255
exit-address-family
!
address-family ipv4 vrf client2 autonomous-system 100
network 10.0.0.0
network 192.168.0.0 0.0.255.255
exit-address-family
!
address-family ipv4 vrf client3 autonomous-system 100
network 10.0.0.0
network 192.168.0.0 0.0.255.255
exit-address-family
network 10.10.20.0 0.0.0.3
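Added example, not part of the posts above and not Cisco tooling: a Python check for the failure mode this thread describes, a GDOI crypto map on a VRF interface whose group has no `client registration interface` outside a VRF. The sample config is constructed, and treating "registration interface has no `ip vrf forwarding`" as "the global-table KS is reachable" is an assumption taken from this thread's setup.

```python
import re

# Constructed sample: group 1 registers via a global-table interface, group 2 does not.
SAMPLE = """\
crypto gdoi group getvpn_group
 client registration interface Ethernet0/0
crypto gdoi group getvpn_group2
crypto map client1 10 gdoi
 set group getvpn_group
crypto map client2 10 gdoi
 set group getvpn_group2
interface Ethernet0/0
interface Ethernet0/0.10
 ip vrf forwarding client1
 crypto map client1
interface Ethernet0/0.20
 ip vrf forwarding client2
 crypto map client2
"""
HEADER = re.compile(r"(crypto gdoi group \S+|crypto map \S+ \d+ gdoi|interface \S+)$")

def parse_sections(text):
    """Map each section header to its sub-commands (indented or flat dumps)."""
    sections, body = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if HEADER.match(line):
            body = sections.setdefault(line, [])
        elif line and line != "!":
            body.append(line)
    return sections

def arg(body, prefix):  # last word of the first sub-command starting with prefix
    return next((l.split()[-1] for l in body if l.startswith(prefix)), None)

def audit(text):
    """Return (interface, vrf, gdoi group, problem) for GDOI maps on VRF interfaces."""
    sec, findings = parse_sections(text), []
    vrf = {h.split()[1]: arg(b, "ip vrf forwarding ") for h, b in sec.items() if h.startswith("interface ")}
    group = {h.split()[2]: arg(b, "set group ") for h, b in sec.items() if h.startswith("crypto map ")}
    for ifname, v in vrf.items():
        cmap = next((l.split()[-1] for l in sec["interface " + ifname] if re.match(r"crypto map \S+$", l)), None)
        if v is None or cmap not in group:
            continue  # only GDOI crypto maps applied inside a VRF are of interest
        reg = arg(sec.get("crypto gdoi group %s" % group[cmap], []), "client registration interface ")
        if reg is None:
            findings.append((ifname, v, group[cmap], "no client registration interface"))
        elif vrf.get(reg) is not None:
            findings.append((ifname, v, group[cmap], "registration interface %s is in a VRF" % reg))
    return findings
```

Calling `audit()` on the text of a saved running-config returns an empty list when every VRF-bound GDOI map has a registration interface outside any VRF.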