08-17-2009 02:26 AM - edited 02-21-2020 04:19 PM
Hello,
I need to clarify some things about routing with DVTI on the Cisco 1801. I have a VirtualTemplate interface associated with a Dialer interface:
interface Virtual-Template1 type tunnel
 ip unnumbered Dialer0
 tunnel source Dialer0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI_Profile

crypto isakmp profile VTI_Profile
 keyring TEST
 match identity address 1.2.3.4 255.255.255.255
 client configuration address respond
 keepalive 3600 retry 60
 virtual-template 1
 local-address Dialer0

Gateway of last resort is not set. I have PBR for incoming IPSec connections:

ip local policy route-map LOCAL

route-map LOCAL permit 10
 match ip address 150
 set interface Dialer0
route-map LOCAL permit 20
 match ip address 152
 set global

access-list 150 permit ip host 5.6.7.8 any
access-list 152 permit ip any any

After the IPSec tunnel is established, the new interface VirtualAccess1 appears and a route to the remote LAN is added to the global routing table:
S 192.168.40.0/24 [1/0] via 1.2.3.4, Virtual-Access1
Ping from the local LAN to the remote LAN does not work until I add the default gateway. Is there a route lookup after packets pass through the VirtualAccess interface?
08-21-2009 10:10 AM
VTIs allow you to establish an encryption tunnel using a real interface as the tunnel endpoint.
Refer to the below URL for more info:
08-25-2009 08:00 PM
Hi,
Could you look at Figure 3 at the URL you specified? If I configure different PBRs for the inside interface, the outside interface and the VTI, in what sequence will they be looked up?
regards,
Aleksei