Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
0
Helpful
3
Replies

Vrf Aware IPSEC

Go to solution
spremkumar
Level 9
Level 9

‎07-29-2005 11:06 PM

Hi

i am trying something inline with title mentioned but i m getting stuck up in getting my vpnclient establish the connectivity with my IPE box which is 7206.

i have tried establishing the dynamic ipsec with my 6513 box configured to accept the same where its working fine w/o any issues but my bad luck i dont have a compatible ios to tune my 6513 box to support vrf aware ipsec and since i hv my 7206 supports the same functionality i didnt want 6513 to cater that feature.

i hve even tried the same config of normal plain dynamic ipsec which i hv tried in 6513 switch but still i m getting into the same problem.

i m getting remote peer is no longer responding in my vpn client.

i m attching the config of my ipe box herewith this msg,pls do suggest how do i proceed to make it thru coz i m gone out of ideas and gone totally dry

(coz trying/cracking this continously for hrs together..) :-(

regds

Labels:
Preview file
5 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎07-30-2005 01:52 PM

From what I can see you are missing the "crypto map crypto_map_name local-address" command.

Try adding it and see if it works.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎07-30-2005 01:52 PM

From what I can see you are missing the "crypto map crypto_map_name local-address" command.

Try adding it and see if it works.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
spremkumar
Level 9
Level 9
In response to Harold Ritter

‎07-31-2005 09:01 PM

Hi

thx a lot i got it working ,but do revert how come the same is working fine without any issues in my 6513 box without the above mentioned command.thtsy i got stumpeddd :-(

any compatibility issues or any specifics been put to add this syntax in 7206 boxes alone ?coz i m aware of some boxes even in production network running dynamic ipsec stuffs without the above mentioned command..

regds

0 Helpful

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to spremkumar

‎08-01-2005 04:26 AM

The only thing I can think of is a difference of behavior in the IOS train used on the 6500. My only experience with IPsec was on the 7200 and I ran into the same issue where the IPsec session wouldn't come up without this command. I could not speak to the behavior on the 6500.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful
Customers Also Viewed These Support Documents