cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
631
Views
5
Helpful
6
Replies

IPsec problem

Petar Bajovic
Level 1
Level 1

Hi. 

I have a problem with my IPsec on a Cisco ASR1002 router. I suspect that problem is because I configured Loopback as interface that has to be on a ASR1002. Does anybody knows is it possible to configure Loopback interface on ASR1002 for IPsec tunnel?

Thank you.

Petar

6 Replies 6

nkarthikeyan
Level 7
Level 7

Hi Petar,

try with this on your vpn configurations.

crypto map <mapname> local-address loopback 0

 

Regards

Karthik

 

Thank you for your answer Karthik. I already configured this line. In mean time, I discovered that Loopback interface can not support "crypto map" command on it... Am I right? Do you have that kind of experience?

Thak you again.

Petar

Hi Petar,

 

It supports crypto map in loopback interface.

 

R2#sh runn int loopback 0
Building configuration...

Current configuration : 59 bytes
!
interface Loopback0
 no ip address
 crypto map test
end

R2#

 

There shouldn't be any problem. You can do with that

 

Regards

Karthik

I found that option on my Loopback interface, and I configured it (as you sugested). And it still does not work. IPsec tunnel is up, traffic goes through tunnel (goes in tunnel - statistics on my Cisco VPN client tell me that), but when I try to ping any address in vrf, that is not possible. I do not have any idea why this does not work. Only thing that I have to suspect is that for loopback interface and crypto map... I found here on a "Cisco support forum" that crypto map is not supported for loopback... This is the link for that answer: 

https://supportforums.cisco.com/discussion/10895791/ipsec-crypto-map-loopback#comment-9788656 

Guy that answered, his name on forum is: Javier Portuguez

Thank  you... If you have any idea, please help... :)

Petar

 

Hi Petar,

 

Here is the cisco document which says we can have ipsec tunnel over virtual tunnel interface with vrf using virtual-template option.

 

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/12-4t/sec-sec-for-vpns-w-ipsec-12-4t-book/sec-ipsec-virt-tunnl.html

Please let me know if this not meets your requirement

 

Regards

Karthik

Thank you Karthik... This is GRE tunnel, and inside it you put IPsec... I have something like that in my network... I know that this works... I need pure IPsec (I tried to configure just IPsec - the way I described it to you earlier - and it does not work)...

Thank you very much... You were real help today...

Sincerely,

Petar

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: