Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
353
Views
0
Helpful
1
Replies

How to configure VRF aware L2L IPSEC VPN with Dynmap ? (dynamic IP addressing on remote site)

JEROME BOSC
Level 1
Level 1

‎10-12-2015 09:10 AM - edited ‎02-21-2020 08:30 PM

Hi,

I am trying to setup various L2L IPSEC VPN and map them inside various VRF.

As remote site can have dymamic public IP, I cannot use static crypto mapping but use dynmap.

 

My problem is how to map L2L VPN to a specific VRF using dynmap ? I can make it work with static satement but not with dynmap.

 

Do you have any silution ?

Labels:
0 Helpful
1 Reply 1

Henrik Grankvist
Level 4
Level 4

‎10-12-2015 10:21 AM

Hi

Have you tried using a crypto isakmp profile? At least that is what I've been using to accomplish the same goals.

Example:

crypto dynamic-map dyn1 1
 set transform-set AES256_SHA
 set isakmp-profile CRYPTO-ISAKMP-PROFILE
 match address <CRYPTO-ACL>

crypto isakmp profile CRYPTO-ISAKMP-PROFILE
   vrf <inside vrf>
   keyring <name of keyring>
   self-identity fqdn <hostname of local router>
   match identity host <hostname of remote router> <frontdoor vrf (if any)>
0 Helpful
Customers Also Viewed These Support Documents