04-20-2014 04:09 PM - edited 02-21-2020 07:36 PM
Could someone please tell me how to configure the following configs to use static routes to route traffic between sites using the VPN tunnel? Listed below is the site-to-site configuration for the FlexVPN setup. The configs below will route traffic between sites when using a dynamic routing protocol, but if the dynamic routing protocol is removed and static routes are added to the configuration, traffic will not route between sites through the VPN tunnel. The attachment is a picture of the topology that is being used and the initial router configs.
Server Side

interface loopback 10
 ip address 192.168.1.1 255.255.255.0
 no shut
 exit
inter virtual-template 1 type tunnel
 ip unnumbered loopback 10
 tunnel source F0/0
 tunnel mode ipsec ipv4

crypto ikev2 proposal PROP_1
 integrity md5
 group 2
 encryption 3des

crypto ikev2 policy POL_1
 proposal PROP_1

crypto ikev2 keyring KR_1
 peer R2
  address 192.1.23.1
  pre-shared-key cisco

crypto ikev2 profile PROF_1
 match identity remote address 192.1.23.1 255.255.255.255
 authentication local pre-share
 authentication remote pre-share
 keyring local KR_1
 virtual-template 1

crypto ipsec transform-set ABC esp-3des esp-md5

crypto ipsec profile ABC
 set transform-set ABC
 set ikev2-profile PROF_1

interface virtual-template 1
 tunnel protection ipsec profile ABC

router eigrp 100
 no auto
 net 192.168.1.0
 net 10.0.0.0
Spoke Side

crypto ikev2 proposal PROP_1
 integrity md5
 group 2
 encryption 3des

crypto ikev2 policy POL_1
 proposal PROP_1

crypto ikev2 keyring KR_1
 peer FlexSrv
  address 192.1.13.1
  pre-shared-key cisco

crypto ikev2 profile PROF_1
 match identity remote address 192.1.13.1 255.255.255.255
 authentication local pre-share
 authentication remote pre-share
 keyring local KR_1

crypto ipsec transform-set ABC esp-3des esp-md5

crypto ipsec profile ABC
 set transform-set ABC
 set ikev2-profile PROF_1

interface tunnel 1
 ip address 192.168.1.2 255.255.255.0
 tunnel source f0/1
 tunnel destination 192.1.13.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile ABC

router eigrp 100
 no auto
 net 192.168.1.0
 net 10.0.0.0
06-02-2014 04:16 AM
Hi Maurice
You can use mode config to send prefixes so that when the VPN is established a route is installed into the RIB.
Check the following config guide for aaa authorization and the route-set command.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-flex-vpn-xe-3s-book/sec-cfg-flex-serv.html#GUID-BAAF31B7-0941-418E-A867-8E6750F1DB03
This is an example that uses the technology.
http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115782-flexvpn-site-to-site-00.html
Please let us know how you get on.
Many thanks
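
A sketch of the route-set approach described in the reply above, added here as an example; it is not taken from the original posts or from the linked Cisco guides. The names FLEX_AUTHZ, FLEX_POLICY and FLEX_ROUTES and the LAN prefixes 10.1.1.0/24 and 10.2.2.0/24 are assumptions (the real LAN subnets are only in the attached topology); PROF_1 is the IKEv2 profile from the question.

```cisco
! Added example. List, policy and ACL names and the LAN prefixes are
! constructed placeholders; substitute the values from your topology.
!
! --- Both routers ---
! Note: "aaa new-model" also changes how vty/console logins are
! authenticated, so confirm a local user exists before enabling it.
aaa new-model
aaa authorization network FLEX_AUTHZ local
!
! --- Server side ---
! Prefixes this router offers to the peer during IKEv2 config exchange
ip access-list standard FLEX_ROUTES
 permit 10.1.1.0 0.0.0.255
!
crypto ikev2 authorization policy FLEX_POLICY
 ! send the tunnel interface address as a host route
 route set interface
 ! send every prefix permitted by the ACL
 route set access-list FLEX_ROUTES
!
crypto ikev2 profile PROF_1
 ! look up FLEX_POLICY locally for pre-shared-key peers
 aaa authorization group psk list FLEX_AUTHZ FLEX_POLICY
!
! --- Spoke side ---
ip access-list standard FLEX_ROUTES
 permit 10.2.2.0 0.0.0.255
!
crypto ikev2 authorization policy FLEX_POLICY
 route set interface
 route set access-list FLEX_ROUTES
!
crypto ikev2 profile PROF_1
 aaa authorization group psk list FLEX_AUTHZ FLEX_POLICY
!
! --- Both routers: remove the dynamic routing protocol ---
no router eigrp 100
!
! --- Verification after the tunnel re-establishes ---
! The peer's prefixes should be listed under the SA and appear in the
! RIB as static routes pointing at the tunnel / virtual-access interface.
show crypto ikev2 sa detailed
show ip route static
```

Because the routes are installed only while the IKEv2 SA is up, they are withdrawn when the tunnel drops, which is what hand-written static routes pointing at the tunnel do not give you.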