Cisco Support Community

Advice about use of FWSM, SPA VPN IPsec & CCA mode

I didn't find a lot of information, documentation or knowledge about the integration of FWSM and SPA VPN IPsec with CCA mode.

The FWSM will be directly connected with a public address and will translate to a private address with NAT.

My IPsec VPN will be terminated after the FWSM.

I need to use the global VRF and IVRF (which is why I need to use CCA mode).

Different clients to different VRFs.

Configuration like this:

Vlan 10 -- FWSM context -- vlan 11 outside ipsec - SPA card - vlan 100/VRF customer1 --

- vlan 200/VRF customer2 --

ip vrf customer1
 rd 100:1
ip vrf customer2
 rd 200:2
crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share
crypto keyring customer1-key
 pre-shared-key address 2.0.0.1 key 12345
crypto keyring customer2-key
 pre-shared-key address 2.0.0.2 key 12345
crypto ipsec transform-set strong esp-aes 256 esp-sha-hmac
crypto engine mode vrf
crypto isakmp profile customer1
 vrf customer1
 keyring customer1-key
 match identity address 2.0.0.1/32
crypto isakmp profile customer2
 vrf customer2
 keyring customer2-key
 match identity address 2.0.0.2/32
crypto map cm local-address vlan 11
crypto map cm1 10 ipsec-isakmp
 set peer 2.0.0.1
 set transform-set strong
 set isakmp-profile customer1
 match address acl customer1
crypto map cm2 20 ipsec-isakmp
 set peer 2.0.0.2
 set transform-set strong
 set isakmp-profile customer2
 match address acl customer2
interface vlan 100
 ip vrf forwarding customer1
 ip address 10.1.1.1/24
 crypto engine subslot 1/0 inside
 crypto map cm1
interface vlan 200
 ip vrf forwarding customer2
 ip address 10.2.2.1/24
 crypto engine subslot 1/0 inside
 crypto map cm2
interface vlan11
 ip address 10.0.0.2/30
 crypto engine subslot 1/0 outside

Regards
