06-26-2014 12:39 AM - edited 02-21-2020 07:42 PM
Hi.
I have a problem with my IPsec on a Cisco ASR1002 router. I suspect that problem is because I configured Loopback as interface that has to be on a ASR1002. Does anybody knows is it possible to configure Loopback interface on ASR1002 for IPsec tunnel?
Thank you.
Petar
06-26-2014 02:40 AM
Hi Petar,
try with this on your vpn configurations.
crypto map <mapname> local-address loopback 0
Regards
Karthik
06-26-2014 03:48 AM
Thank you for your answer Karthik. I already configured this line. In mean time, I discovered that Loopback interface can not support "crypto map" command on it... Am I right? Do you have that kind of experience?
Thak you again.
Petar
06-26-2014 04:59 AM
Hi Petar,
It supports crypto map in loopback interface.
R2#sh runn int loopback 0
Building configuration...
Current configuration : 59 bytes
!
interface Loopback0
no ip address
crypto map test
end
R2#
There shouldn't be any problem. You can do with that
Regards
Karthik
06-26-2014 05:27 AM
I found that option on my Loopback interface, and I configured it (as you sugested). And it still does not work. IPsec tunnel is up, traffic goes through tunnel (goes in tunnel - statistics on my Cisco VPN client tell me that), but when I try to ping any address in vrf, that is not possible. I do not have any idea why this does not work. Only thing that I have to suspect is that for loopback interface and crypto map... I found here on a "Cisco support forum" that crypto map is not supported for loopback... This is the link for that answer:
https://supportforums.cisco.com/discussion/10895791/ipsec-crypto-map-loopback#comment-9788656
Guy that answered, his name on forum is: Javier Portuguez
Thank you... If you have any idea, please help... :)
Petar
06-26-2014 05:36 AM
Hi Petar,
Here is the cisco document which says we can have ipsec tunnel over virtual tunnel interface with vrf using virtual-template option.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/12-4t/sec-sec-for-vpns-w-ipsec-12-4t-book/sec-ipsec-virt-tunnl.html
Please let me know if this not meets your requirement
Regards
Karthik
06-26-2014 06:44 AM
Thank you Karthik... This is GRE tunnel, and inside it you put IPsec... I have something like that in my network... I know that this works... I need pure IPsec (I tried to configure just IPsec - the way I described it to you earlier - and it does not work)...
Thank you very much... You were real help today...
Sincerely,
Petar
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: