Blue_Bird

Site-to-Site FlexVPN through Static VTI Implementation

Lab Topology

Blue_Bird_0-1752489941021.png

R1 Configuration

Step-1: Configure domain name

R1(config)# ip domain-name test.com

Step-2: Configure Keyring

R1(config)# crypto ikev2 keyring KR

R1(config-ikev2-keyring)# peer R2

R1(config-ikev2-keyring-peer)# address 2.2.2.2

R1(config-ikev2-keyring-peer)# pre-shared-key local cisco@123

R1(config-ikev2-keyring-peer)# pre-shared-key remote cisco@123

R1(config-ikev2-keyring-peer)# exit

Step-3: Create ikev2 profile

R1(config)# crypto ikev2 profile PRO1

R1(config-ikev2-profile)# match identity remote fqdn R2.test.com

R1(config-ikev2-profile)# identity local fqdn R1.test.com

R1(config-ikev2-profile)# authentication local pre-share

R1(config-ikev2-profile)# authentication remote pre-share

R1(config-ikev2-profile)# keyring local KR

R1(config-ikev2-profile)# exit

Step-4: Create ipsec profile

R1(config)# crypto ipsec profile default

R1(ipsec-profile)# set ikev2-profile PRO1

R1(ipsec-profile)# exit

Step-5: Create Tunnel Interface

R1(config)# interface tunnel0

R1(config-if)# ip address 10.1.1.1 255.255.255.0

R1(config-if)# tunnel source fastEthernet 0/0

R1(config-if)# tunnel destination 2.2.2.2

R1(config-if)# tunnel protection ipsec profile default

R1(config-if)# exit

Step-6: Routing Configuration (static/dynamic)

R1(config)# router eigrp 1

R1(config-router)# network 192.168.1.1 0.0.0.0

R1(config-router)# network 10.1.1.0 0.0.0.255

R1(config-router)# no auto-summary

R1(config-router)# exit

R2 Configuration

Step-1: Configure domain name

R2(config)# ip domain-name test.com

Step-2: Configure Keyring

R2(config)# crypto ikev2 keyring KR

R2(config-ikev2-keyring)# peer R1

R2(config-ikev2-keyring-peer)# address 1.1.1.1

R2(config-ikev2-keyring-peer)# pre-shared-key local cisco@123

R2(config-ikev2-keyring-peer)# pre-shared-key remote cisco@123

R2(config-ikev2-keyring-peer)# exit

Step-3: Create ikev2 profile

R2(config)# crypto ikev2 profile PRO1

R2(config-ikev2-profile)# match identity remote fqdn R1.test.com

R2(config-ikev2-profile)# identity local fqdn R2.test.com

R2(config-ikev2-profile)# authentication local pre-share

R2(config-ikev2-profile)# authentication remote pre-share

R2(config-ikev2-profile)# keyring local KR

R2(config-ikev2-profile)# exit

Step-4: Create ipsec profile

R2(config)# crypto ipsec profile default

R2(ipsec-profile)# set ikev2-profile PRO1

R2(ipsec-profile)# exit

Step-5: Create Tunnel Interface

R2(config)# interface tunnel0

R2(config-if)# ip address 10.1.1.2 255.255.255.0

R2(config-if)# tunnel source fastEthernet 0/0

R2(config-if)# tunnel destination 1.1.1.1

R2(config-if)# tunnel protection ipsec profile default

R2(config-if)# exit

Step-6: Routing Configuration (static/dynamic)

R2(config)# router eigrp 1

R2(config-router)# network 192.168.2.2 0.0.0.0

R2(config-router)# network 10.1.1.0 0.0.0.255

R2(config-router)# no auto-summary

R2(config-router)# exit

Verification

Blue_Bird_1-1752490154961.png
Blue_Bird_2-1752490199334.png
Blue_Bird_0-1752490443080.png
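
Before the tunnel is brought up, the two configurations above can be checked offline for the mirror-image rules that IKEv2 pre-shared-key authentication depends on. This is an added example, not part of the original post; the field names and the functions `parse` and `mismatches` are hypothetical, and the config lines are copied from the steps above with the prompts stripped.

```python
import re

# Security-relevant lines of the R1/R2 configurations on this page, prompts stripped.
R1 = """address 2.2.2.2
pre-shared-key local cisco@123
pre-shared-key remote cisco@123
match identity remote fqdn R2.test.com
identity local fqdn R1.test.com
tunnel destination 2.2.2.2"""
R2 = """address 1.1.1.1
pre-shared-key local cisco@123
pre-shared-key remote cisco@123
match identity remote fqdn R1.test.com
identity local fqdn R2.test.com
tunnel destination 1.1.1.1"""

FIELDS = {  # hypothetical field name -> pattern for the matching IOS line
    "peer_addr": r"address (\S+)$",
    "psk_local": r"pre-shared-key local (\S+)$",
    "psk_remote": r"pre-shared-key remote (\S+)$",
    "id_remote": r"match identity remote fqdn (\S+)$",
    "id_local": r"identity local fqdn (\S+)$",
    "tunnel_dst": r"tunnel destination (\S+)$",
}

def parse(cfg):
    """Pull the IKEv2 keyring, identity and tunnel fields out of a config text."""
    found = {}
    for line in cfg.splitlines():
        for name, pattern in FIELDS.items():
            m = re.match(pattern, line.strip())
            if m:
                found[name] = m.group(1)
    return found

def mismatches(a, b):
    """List the mirror-image rules that the two parsed peers violate."""
    problems = []
    for x, y, xn, yn in ((a, b, "A", "B"), (b, a, "B", "A")):
        if x["psk_local"] != y["psk_remote"]:
            problems.append(f"{xn} local PSK != {yn} remote PSK")
        if x["id_local"] != y["id_remote"]:
            problems.append(f"{xn} local identity != identity {yn} matches")
        if x["tunnel_dst"] != x["peer_addr"]:
            problems.append(f"{xn} tunnel destination has no keyring entry")
    return problems

if __name__ == "__main__":
    print(mismatches(parse(R1), parse(R2)) or "peers are consistent")
```

An empty list means each side's local key and identity are what the other side expects, and each tunnel destination has a keyring entry to authenticate against.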

Thank you very much!
