08-15-2014 07:09 PM
08-16-2014 01:48 AM
Hi,
Yeap. You have to use ikev1 and psk for this ipsec establishment with BC cloud proxy.
Recommendations:
ikev1
presharedkey
IKEv1 Policy:
08-16-2014 09:31 AM
IPSEC is established between BC Cloud and my ISR now... However, I am facing a little challenge here.
I have NAT-OVERLOAD to my cellular network which is connected to my intenal network in GRE/IPSEC (BGP) and I need to somehow forward my client traffic to the BC Cloud IP address.
Diagram:
Tunnel1 SW--ISR---------GRE/IPSEC-------------INTERNAL-DC
SW--ISR-----------------------IPSEC------------------BC Cloud
Has anyone gone through this exercise? Please let me know.
Thanks
08-16-2014 06:57 AM
I believe my ISR supports IKEv2 only.. Does it fall back to IKEv1??
## Here's my config
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
crypto isakmp key [PSK] address [CLOUD-IP] no-xauth
crypto ipsec transform-set BC-Cloud esp-aes esp-sha256-hmac
mode tunnel
crypto map vpn 1 ipsec-isakmp
set peer [CLOUD-IP]
set transform-set BC-Cloud
match address 175
access-list 175 permit ip [internal Client IP] any
interface cellular 0/0/0
crypto map vpn
Please note that I only provided IPSEC related configuration here. Assume that cellular interface, NAT, routing all other components are working as expected.
Thanks
08-16-2014 06:07 PM
Anyone...??
The tunnel has been created, but I still don't know how i should be forwarding packets as I am using cellular interface.. I have 'nat overload to Cellular0/0/0' and my default route pointing to Cellular0/0/0..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: