Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
469
Views
0
Helpful
0
Replies

IOS-XE vrf-aware site-to-site tunnel VPN via REST-API

Jakub Obetko
Level 1
Level 1

‎09-04-2017 04:29 AM - edited ‎03-05-2019 09:05 AM

Hello,

 

I am trying to deploy our VPN configuration via REST API on ASR1001X, but I am currently testing it on CSR1000V in my lab. However, I am stuck with the problem that our VPN configuration is VRF-aware - meaning we do have transport VRF (FVRF) and inside vrf (IVRF) deployed. Just to imagine the tunnel configuration:

interface Tunnel1
ip vrf forwarding ivrf_cust
ip address <tunnel_subnet_local_ip> <subnet_mask>
ip tcp adjust-mss 1350
tunnel source <local_ipsec_peer_ip>
tunnel mode ipsec ipv4
tunnel destination <remote_ipsec_peer_ip>
tunnel vrf fvrf_ext
tunnel protection ipsec profile <proj-ipsecv1-prof1>
!

It seems that everything is configurable with REST-API but the "tunnel vrf" part of configuration is not- which is essential to deploy vrf-aware s2s vpn. I found that you can put VPN in VRF (ivrf config), but did not found how to associate FVRF with it:

https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/restapi/restapi/RESTAPIvrf.html#25681

 

Can you please let me know if such a configuration is supported in some version of IOS-XE or REST-API?

 

Thank you very much for any advice.

Best regards,

Jakub

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card