04-27-2019 02:15 PM - edited 02-21-2020 09:37 PM
Hi,
I configured my hub and spoke router with dVTI and policy base ip address assing to spoke router.
Everything works fine but the IP address of speaking router tunnel don't show in routing table static and i cannot ping the tunnel ip address and then i cannot run bgp routing protocol
i attach the configuration of hub and spoke router.
Please help me.
Thanks.
04-28-2019 01:58 AM
Hi,
You will need to send the tunnel ip address to the peer using the command route set interface, via the authorization policy. Once configured, the tunnel interface will appear in the route table and will be defined as a Remote Subnet under the "show crypto ikev2 sa detailed" command output.
The Hub's authorization policy will need modifying and the Spoke will need a authorization policy created.
Example:-
HUB
crypto ikev2 authorization policy FLEXVPN_CONFIG
route set interface
SPOKE
aaa new-model
aaa authorization network AUTHOR_LOCAL local
crypto ikev2 authorization policy FLEXVPN_CONFIG
route set interface
crypto ikev2 profile FLEXVPN_IKEV2
aaa authorization group cert list AUTHOR_LOCAL FLEXVPN_CONFIG
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide