I am troubleshooting a VTI from an ASA to and IOS so I am starting with a non protected tunnel to rule out crypto. As you can see below the status and protocol are both down. I feel like this is because of "Mode: invalid! IPsec profile: Not defined" as seen below under the command #sho int tun88
NYC-ASA(config)# sho int ip b
Interface IP-Address OK? Method Status Protocol
Tunnel88 10.0.100.2 YES manual down down
NYC-ASA# sho int tun88
Interface Tunnel88 "VTI", is down, line protocol is down
Hardware is Virtual Tunnel MAC address N/A, MTU 1500
IP address 10.0.100.2, subnet mask 255.255.255.252
Tunnel Interface Information:
Source interface: Outside IP address: Removed.254
Destination IP address: X.X.X.1
Mode: invalid! IPsec profile: Not defined
NYC-ASA# sho run int tun88
ip address 10.0.100.2 255.255.255.252
tunnel source interface Outside
tunnel destination X.X.X.1
Thanks for the help.
Solved! Go to Solution.
It doesn't look like you have an IPSec profile attached to the VTI. E.g.
crypto ipsec profile IPSEC_PROFILE
set ikev2 ipsec-proposal TSET
tunnel protection ipsec profile IPSEC_PROFILE
Thanks for the quick reply.
I do not want any protection. I will add that later.
Do I have to have tunnel protection for the tunnel to get tunnel up?