
AnyConnect or IPsec remote-VPN to vrf

RemRem

Greetings,

I'm trying to set up a VPN connection to a router with several vrfs. The VPN connection works, but as the WAN interface is in global, I cannot access the network within the vrf.

I have tried with the Virtual-Template IF assigned to the vrf and global but neither works.

Any idea how I can configure a VPN connection to a certain vrf without assigning the WAN IF to that vrf?

1 Reply

Hi,

I assume you are using FlexVPN. You will need to use aaa authorization, name-mangler to distinguish between users in the different vrfs, multiple loopback interfaces on the router in the different vrfs and use "ip address negotiated" under the tunnel interface. Once authorized, the correct loopback will be assigned to the VA interface and the AC user will be able to access resources in that vrf.

Here is an example; it's for an S2S VPN, but the same principle applies. It uses ISE as a RADIUS server for authorization, you could use another RADIUS server - the av-pairs required are listed.

HTH
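
A hub-side configuration sketch of the approach described in the reply above, added here as an example; it is not taken from the thread or from the example the reply links to. All names, addresses, pools and the `user@cust-a` identity format are constructed assumptions, the existing `match identity` and `authentication` lines of the working IKEv2 profile are assumed to stay as they are, and the av-pairs shown are the commonly used Cisco ones for pushing per-session interface configuration.

```cisco
! Added example. Every name, address and pool below is a constructed placeholder.
! The WAN interface stays in the global table; only the per-session
! Virtual-Access interface is placed into a VRF at authorization time.
aaa new-model
aaa authorization network FLEX-AUTHZ group radius
!
vrf definition CUST-A
 address-family ipv4
 exit-address-family
vrf definition CUST-B
 address-family ipv4
 exit-address-family
!
! One loopback per VRF; the Virtual-Access interface borrows its address.
interface Loopback101
 vrf forwarding CUST-A
 ip address 10.101.0.1 255.255.255.255
interface Loopback102
 vrf forwarding CUST-B
 ip address 10.102.0.1 255.255.255.255
!
ip local pool POOL-CUST-A 10.101.1.10 10.101.1.50
ip local pool POOL-CUST-B 10.102.1.10 10.102.1.50
!
! Identity "user@cust-a" is reduced to "cust-a" for the authorization lookup.
crypto ikev2 name-mangler NM-DOMAIN
 eap suffix delimiter @
!
! Only the authorization-related lines of the profile are shown.
crypto ikev2 profile REMOTE-ACCESS
 aaa authorization group eap list FLEX-AUTHZ name-mangler NM-DOMAIN
 virtual-template 1
!
! No "vrf forwarding" and no address on the template: both arrive from RADIUS.
interface Virtual-Template1 type tunnel
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile REMOTE-ACCESS-IPSEC
!
! RADIUS entry "cust-a" returns these cisco-av-pair values, in this order
! (applying "vrf forwarding" clears any address set before it):
!   ip:interface-config=vrf forwarding CUST-A
!   ip:interface-config=ip unnumbered Loopback101
!   ipsec:addr-pool=POOL-CUST-A
! RADIUS entry "cust-b" returns the CUST-B / Loopback102 / POOL-CUST-B equivalents.
```

Because the suffix of the presented identity selects the VRF, the RADIUS server should authenticate the full identity including that suffix, so a user cannot land in another tenant's VRF by changing the domain part. After a session comes up, `show crypto ikev2 session detail` and `show ip interface brief` show which Virtual-Access interface was cloned and which loopback it borrowed.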