Hello All

I am having an issue setting up two separate tunnels running over a single GRE; is this something that is possible?

Would be grateful to have you advice.

I am able to ping across the tunnel (120) using the VRF but as soon as i am adding tunnel 121 which is native (not using vrf) i can ping across the new tunnel 121 but cannot ping the original tunnel 120

Background of the setup.

R1  ------- Internet -------- R2

R1

!

crypto keyring IPsec-KEY vrf Internet

  pre-shared-key address 0.0.0.0 0.0.0.0 key KEY

!

crypto isakmp policy 1

encr aes

authentication pre-share

group 2

lifetime 28800

!

crypto isakmp invalid-spi-recovery

crypto isakmp profile ISAKMP-profile

   keyring IPsec-KEY

   match identity address 0.0.0.0 Internet

!

crypto ipsec transform-set trans esp-aes esp-md5-hmac

mode transport

!

crypto ipsec profile IPSEC-profile

set security-association lifetime seconds 86400

set transform-set trans

set pfs group2

set isakmp-profile ISAKMP-profile

!

!

interface Tunnel120

vrf forwarding mgmt

bandwidth 256

ip address 10.169.9.81 255.255.255.252

ip mtu 1376

ip tcp adjust-mss 1360

tunnel source Loopback810

tunnel destination xxx.xxx.xxx.xxx

tunnel vrf Internet

tunnel protection ipsec profile IPSEC-profile shared

!

R2 mirrors this config but as soon as i add tun 121 with the following config i get connectivity to the 121

tunnel 121 i configured as follows:

interface Tunnel121

ip address 10.190.12.249 255.255.255.252

ip mtu 1376

ip tcp adjust-mss 1360

tunnel source Loopback810

tunnel destination xxx.xxx.xxx.xxx

tunnel vrf Internet

tunnel protection ipsec profile IPSEC-profile shared

!

Please advice if I am making some errors?

Also let me know if any more information is required on this.

Thanks in advance,