Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

NBAR on Tunnel Interface on ASR1001

Ilya Geraskin
Level 1
Level 1

‎01-22-2015 11:44 AM - edited ‎03-05-2019 12:38 AM

Hello all,

I'm trying to implement service policy on our ipsec tunnels on ASR1001. Version: asr1001-universalk9.03.13.01.S.154-3.S1-ext.bin

Here is the typical Tunnel configuration:

interface Tunnel100
 ip address 172.x.x.x 255.255.255.252
 ip mtu 1450
 ip access-group ACL_IN in
 ip access-group ACL_OUT out
 ip policy route-map ForwardIP
 ip ospf network point-to-point
 ip ospf mtu-ignore
 ip ospf cost 40
 qos pre-classify
 tunnel source ZZ.ZZ.ZZ.ZZ
 tunnel mode ipip
 tunnel destination YY.YY.YY.YY
 tunnel protection ipsec profile IPSec-AES
 service-policy input Tunnel_IN

When I try to add an output service-policy on that interface, I get an error:

(nbar): (err): NBAR is not supported on  Tunnel10042

If I try to enable ip nbar protocol-discovery, I get an error:

% NBAR Error: Can not enable Protocol-discovery NBAR is not supported on this interface

Is it possible to use NBAR on that interface?

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic