Hi, I would like to set up a peer-to-peer VPN connection between 2 VRFs (Global and X) with VTI and the VRF-aware feature. At the moment I'm using 2 IPs on the public interface (primary and secondary) that are used as VPN peers for the global VRF IPsec and the X VRF IPsec termination, because I'm not able to configure the two VRF ISAKMP/IPsec profiles on a single public IP. Does anyone have an idea how to differentiate the 2 IPsec tunnels without configuring secondary IPs?
Here is the config of RTR1 that works with 2 public IPs (RTR2 is configured in a symmetric way)...
Maybe you could help me out. I will explain the situation and what I want to set up:
The configuration needs to be similar to this Configuration Template but will need a second tunnel included for backup. (**Note: For each tunnel I am required to use a different tunnel source. Each source being a WAN IP address.**)
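```
! Phase 1 (ISAKMP) policy and pre-shared key for the remote peer
crypto isakmp policy 1
 encryption [ENCRYPTION TYPE]
 hash [HASH TYPE]
crypto isakmp key [SECRET] address [REMOTE IP]
! Phase 2 transform set
crypto ipsec transform-set [NAME] [TRANSFORM 1]
! Crypto map: encrypt traffic matching the ACL towards the peer
crypto map [MAP NAME] 10 ipsec-isakmp
 set peer [REMOTE IP ADDRESS]
 set transform-set [TRANSFORM-SET NAME]
 match address [ACCESS-LIST NUMBER OR NAME]
! Crypto ACL: GRE between the two tunnel endpoints
access-list [ACL NUMBER OR NAME] permit gre host [LOCAL IP] host [REMOTE IP]
! WAN interface that carries the crypto map
interface [INTERFACE NAME/NUMBER]
 ip address [LOCAL IP]
 crypto map [MAP NAME]
! GRE tunnel interface (the interface line is absent from the template as posted; the number is a placeholder)
interface Tunnel[TUNNEL NUMBER]
 ip address [LOCAL TUNNEL IP] 255.255.255.252
 tunnel source [LOCAL INTERFACE IP]
 tunnel destination [REMOTE IP]
! EBGP peering across the tunnel
router bgp [LOCAL AS NUMBER]
 neighbor [VZW TUNNEL IP] remote-as 22394
 network [INTERNAL NETWORK] mask [MASK]
```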
These are the requirements given to me by the vendor we are working with:

- The IPsec tunnel endpoint and GRE tunnel endpoints must both reside on the same physical customer device.
- BGP peering relationship between each Private Network connecting via VPN.

GRE is required because:

- Allows for passing non-IP traffic (including Multicast, etc.)
- Creates a logical WAN Interface (with a /30 customer provided network).
- Allows the Enterprise to extend their internal private network to the Wireless Private Network router.
- Allows for simple EBGP peering at the GRE tunnel endpoints.
- The Enterprise can make changes to their IP addressing without needing to notify Wireless Vendor.
Thanks. Any help would be greatly appreciated. Thanks.
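An added example, not part of the original post or the vendor's template: with a crypto map, only packets matched by the crypto ACL are encrypted, so a second (backup) GRE tunnel whose source/destination pair is missing from the ACL is forwarded in clear. The check below audits a config for that and for the "different tunnel source per tunnel" requirement. The function name and sample config are constructed, and it assumes the template's style: numbered one-line `access-list` entries and tunnel sources given as IP addresses.

```python
import re

# Constructed sample (RFC 5737 addresses). ACL 102 names the wrong local host,
# so the backup tunnel's GRE packets fall outside the crypto map.
SAMPLE_CONFIG = """\
crypto map VPNMAP 10 ipsec-isakmp
 set peer 198.51.100.1
 match address 101
crypto map VPNMAP 20 ipsec-isakmp
 set peer 198.51.100.2
 match address 102
access-list 101 permit gre host 192.0.2.1 host 198.51.100.1
access-list 102 permit gre host 192.0.2.9 host 198.51.100.2
interface Tunnel1
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
interface Tunnel2
 tunnel source 192.0.2.2
 tunnel destination 198.51.100.2
"""

def audit_gre_over_ipsec(config):
    """List GRE tunnels that no crypto map entry protects, or that share a source."""
    acls, entries, tunnels, section = {}, [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level command ends the open section
            section = None
        if m := re.match(r"access-list (\S+) permit gre host (\S+) host (\S+)$", line):
            acls.setdefault(m[1], set()).add((m[2], m[3]))   # ACL id -> {(src, dst)}
        elif re.match(r"crypto map \S+ \d+ ipsec-isakmp$", line):
            entries.append(section := {})
        elif re.match(r"interface Tunnel\d+$", line):
            section = tunnels.setdefault(line.split()[1], {})
        elif section is not None and (
                m := re.match(r"(set peer|match address|tunnel source|tunnel destination) (\S+)$", line)):
            section[m[1]] = m[2]
    findings = []
    sources = [t.get("tunnel source") for t in tunnels.values()]
    for name, t in tunnels.items():
        src, dst = t.get("tunnel source"), t.get("tunnel destination")
        # Protected only if an entry peers with dst AND its ACL permits GRE src -> dst.
        covered = any(e.get("set peer") == dst and (src, dst) in acls.get(e.get("match address"), ())
                      for e in entries)
        if not covered:
            findings.append(f"{name}: GRE {src} -> {dst} not matched by any crypto map entry")
        if sources.count(src) > 1:
            findings.append(f"{name}: tunnel source {src} is shared with another tunnel")
    return findings
```

Calling `audit_gre_over_ipsec(SAMPLE_CONFIG)` flags Tunnel2; correcting the host in ACL 102 to the tunnel's real source clears the finding.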