Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1223
Views
0
Helpful
1
Replies

Problem, FLEXVPN with dVTI and assign ip address authomatic from hub but i cannt ping the tunnel ip address

Comtrackllc
Level 1
Level 1

‎04-27-2019 02:15 PM - edited ‎02-21-2020 09:37 PM

Hi,

I configured my hub and spoke router with dVTI and policy base ip address assing to spoke router.

Everything works fine but the IP address of speaking router tunnel don't show in routing table static and i cannot ping the tunnel ip address and then i cannot run bgp routing protocol


i attach the configuration of hub and spoke router.

Please help me.
Thanks.

Labels:
Preview file
6 KB
Preview file
6 KB
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎04-28-2019 01:58 AM

Hi,

You will need to send the tunnel ip address to the peer using the command route set interface, via the authorization policy. Once configured, the tunnel interface will appear in the route table and will be defined as a Remote Subnet under the "show crypto ikev2 sa detailed" command output.

 

The Hub's authorization policy will need modifying and the Spoke will need a authorization policy created.

Example:-


HUB

crypto ikev2 authorization policy FLEXVPN_CONFIG
 route set interface


SPOKE

aaa new-model

aaa authorization network AUTHOR_LOCAL local

 

crypto ikev2 authorization policy FLEXVPN_CONFIG
 route set interface

 

crypto ikev2 profile FLEXVPN_IKEV2
 aaa authorization group cert list AUTHOR_LOCAL FLEXVPN_CONFIG

 

HTH

0 Helpful
Customers Also Viewed These Support Documents