I have site with two links, one for internet traffic and one for voice, they have seperate public IP ranges. There is an existing site to site VPN between the site and a datacentre. The site device is a 2801 with a WIC-4ESW and the datacentre is an ASA 5510. The internet link is heavily contended and due to certain priority users complaining about the pseed of their connection, we decided to route these users over the voice link, and I did this using PBR. I created an SVI on the router and used one of the ports on the 4ESW to connect to the voice router.
I wanted to also create another site to site with a peer address on the voice link, so I configured a VRF, put the SVI into that VRF and created a static default route for the VRF. I set the VRF for a subnet of the existing LAN using PBR and I created a keychain for the VRF, set up an isakmp profile for that VRF and created the crypto map.
The site to site won't come up, and debugs are showing some weird stuff in the Proxy ID's and indicate that there is no crypto map exists for the interface.
I wish I could use VTI, but due tio the ASA at the remote end, I can't.
The configs and debugs are below. Can anyone help with this? Any advice much appreciated, including another way to achieve what i am trying to do.
ip vrf VOICE_ROUTER
description **VRF for VPN PBR and QoS for Finance Users**
crypto keyring VPN2MH vrf VOICE_ROUTER
pre-shared-key address 18.104.22.168 key *********
crypto isakmp profile VPN_FOR_FINANCE
match identity address 22.214.171.124 255.255.255.255 VOICE_ROUTER
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...