close
Top Panel
Top Panel
Top Panel
IOS: VRF-aware IPSec Site-2-Site configuration PDF Print E-mail
Written by Alexei Spirin   
Saturday, 02 February 2008 18:18
IOS config: VRF-Aware IPSec Site-2-Site configuration (fully virtual hub)
version 12.4
!
ip cef
no ip domain lookup
!
!
ip vrf vpn1
description IPSec transport VRF
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip vrf vpn11
description IP logical VRF for user's traffic
rd 11:11
route-target export 11:11
route-target import 11:11
!
crypto keyring crKR1 vrf vpn1
pre-shared-key address 192.168.1.2 key cisco
no crypto xauth FastEthernet0/0
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp profile vpn1
vrf vpn1
keyring crKR1
match identity address 192.168.1.2 255.255.255.255 vpn1
!
!
crypto ipsec transform-set trS1 esp-3des esp-sha-hmac
!
crypto ipsec profile crIP
set transform-set trS1
set isakmp-profile vpn1
!
interface Loopback1
ip vrf forwarding vpn11
ip address 172.17.1.1 255.255.255.255
!
interface Tunnel1
ip vrf forwarding vpn11
ip address 172.16.1.1 255.255.255.0
tunnel source 192.168.1.1
tunnel destination 192.168.1.2
tunnel mode ipsec ipv4
tunnel vrf vpn1
tunnel protection ipsec profile crIP
!
interface FastEthernet0/0
ip vrf forwarding vpn1
ip address 192.168.1.1 255.255.255.0
!
ip route vrf vpn11 172.17.1.2 255.255.255.255 172.16.1.2
Last Updated on Saturday, 25 October 2008 10:14
 

Comments  

 
# nj 2009-09-13 23:59
And the crypto isn't applied because?
Reply
 
 
# TS 2016-05-18 14:25
It's applied:

interface Tunnel1
tunnel protection ipsec profile crIP
Reply