Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
733
Views
0
Helpful
1
Replies

Dynamic S2S ikev2 vpn between ASA and router with vrf

ecc
Level 1
Level 1

‎12-13-2017 05:59 PM - edited ‎03-12-2019 04:50 AM

Hello everyone!

Hopefully this is the right forum for this topic.

 

I was able to get this configuration working just fine, https://www.cisco.com/c/en/us/support/docs/ip/internet-key-exchange-ike/118743-configure-asa-00.html

 

Actually i was able to have two vpn tunnels up to two different networks using same router and establishing the tunnels to two different ASA, worked great!

Where i need help is here, what i want to do is in the cisco router 891 create vrf to isolate the two networks. I was doing some reading and i think i have to use ivrf and fvrf but im getting confuse in how to do it. Someone have experience doing this kind of configs? Can someone help?  Please, help would be appreciated. 

 

Thanks!

Thanks!

 

 

 

Labels:
0 Helpful
1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni

‎12-13-2017 07:20 PM

Hi
The idea is fvrf will be your wan interface (encrypted traffic) and ivrf (your customer vrf, clear traffic).

The ivrf is configured under the profile and the fvrf under the policy.

I share with you done links where you can see the config. If you need help, share your config and we'll adapt them:

https://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-cfg-ikev2-flex.html#GUID-52DFA2B3-D893-4FDF-A089-C4B13153BE60


https://supportforums.cisco.com/t5/security-documents/vrf-aware-ipsec-cheat-sheet/ta-p/3109449 --> ikev1 but good post

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents