06-26-2014 12:39 AM - edited 02-21-2020 07:42 PM
Hi.
I have a problem with my IPsec on a Cisco ASR1002 router. I suspect that problem is because I configured Loopback as interface that has to be on a ASR1002. Does anybody knows is it possible to configure Loopback interface on ASR1002 for IPsec tunnel?
Thank you.
Petar
06-26-2014 02:40 AM
Hi Petar,
try with this on your vpn configurations.
crypto map <mapname> local-address loopback 0
Regards
Karthik
06-26-2014 03:48 AM
Thank you for your answer Karthik. I already configured this line. In mean time, I discovered that Loopback interface can not support "crypto map" command on it... Am I right? Do you have that kind of experience?
Thak you again.
Petar
06-26-2014 04:59 AM
Hi Petar,
It supports crypto map in loopback interface.
R2#sh runn int loopback 0
Building configuration...
Current configuration : 59 bytes
!
interface Loopback0
no ip address
crypto map test
end
R2#
There shouldn't be any problem. You can do with that
Regards
Karthik
06-26-2014 05:27 AM
I found that option on my Loopback interface, and I configured it (as you sugested). And it still does not work. IPsec tunnel is up, traffic goes through tunnel (goes in tunnel - statistics on my Cisco VPN client tell me that), but when I try to ping any address in vrf, that is not possible. I do not have any idea why this does not work. Only thing that I have to suspect is that for loopback interface and crypto map... I found here on a "Cisco support forum" that crypto map is not supported for loopback... This is the link for that answer:
https://supportforums.cisco.com/discussion/10895791/ipsec-crypto-map-loopback#comment-9788656
Guy that answered, his name on forum is: Javier Portuguez
Thank you... If you have any idea, please help... :)
Petar
06-26-2014 05:36 AM
Hi Petar,
Here is the cisco document which says we can have ipsec tunnel over virtual tunnel interface with vrf using virtual-template option.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/12-4t/sec-sec-for-vpns-w-ipsec-12-4t-book/sec-ipsec-virt-tunnl.html
Please let me know if this not meets your requirement
Regards
Karthik
06-26-2014 06:44 AM
Thank you Karthik... This is GRE tunnel, and inside it you put IPsec... I have something like that in my network... I know that this works... I need pure IPsec (I tried to configure just IPsec - the way I described it to you earlier - and it does not work)...
Thank you very much... You were real help today...
Sincerely,
Petar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide