cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
398
Views
0
Helpful
3
Replies

Vrf Aware IPSEC

spremkumar
Engager
Engager

Hi

i am trying something inline with title mentioned but i m getting stuck up in getting my vpnclient establish the connectivity with my IPE box which is 7206.

i have tried establishing the dynamic ipsec with my 6513 box configured to accept the same where its working fine w/o any issues but my bad luck i dont have a compatible ios to tune my 6513 box to support vrf aware ipsec and since i hv my 7206 supports the same functionality i didnt want 6513 to cater that feature.

i hve even tried the same config of normal plain dynamic ipsec which i hv tried in 6513 switch but still i m getting into the same problem.

i m getting remote peer is no longer responding in my vpn client.

i m attching the config of my ipe box herewith this msg,pls do suggest how do i proceed to make it thru coz i m gone out of ideas and gone totally dry

(coz trying/cracking this continously for hrs together..) :-(

regds

1 Accepted Solution

Accepted Solutions

Harold Ritter
Cisco Employee
Cisco Employee

From what I can see you are missing the "crypto map crypto_map_name local-address" command.

Try adding it and see if it works.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

3 Replies 3

Harold Ritter
Cisco Employee
Cisco Employee

From what I can see you are missing the "crypto map crypto_map_name local-address" command.

Try adding it and see if it works.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi

thx a lot i got it working ,but do revert how come the same is working fine without any issues in my 6513 box without the above mentioned command.thtsy i got stumpeddd :-(

any compatibility issues or any specifics been put to add this syntax in 7206 boxes alone ?coz i m aware of some boxes even in production network running dynamic ipsec stuffs without the above mentioned command..

regds

The only thing I can think of is a difference of behavior in the IOS train used on the 6500. My only experience with IPsec was on the 7200 and I ran into the same issue where the IPsec session wouldn't come up without this command. I could not speak to the behavior on the 6500.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: