Hello All
I am having an issue setting up two separate tunnels running over a single GRE; is this something that is possible?
Would be grateful to have you advice.
I am able to ping across the tunnel (120) using the VRF but as soon as i am adding tunnel 121 which is native (not using vrf) i can ping across the new tunnel 121 but cannot ping the original tunnel 120
Background of the setup.
R1 ------- Internet -------- R2
R1
!
crypto keyring IPsec-KEY vrf Internet
pre-shared-key address 0.0.0.0 0.0.0.0 key KEY
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp invalid-spi-recovery
crypto isakmp profile ISAKMP-profile
keyring IPsec-KEY
match identity address 0.0.0.0 Internet
!
crypto ipsec transform-set trans esp-aes esp-md5-hmac
mode transport
!
crypto ipsec profile IPSEC-profile
set security-association lifetime seconds 86400
set transform-set trans
set pfs group2
set isakmp-profile ISAKMP-profile
!
!
interface Tunnel120
vrf forwarding mgmt
bandwidth 256
ip address 10.169.9.81 255.255.255.252
ip mtu 1376
ip tcp adjust-mss 1360
tunnel source Loopback810
tunnel destination xxx.xxx.xxx.xxx
tunnel vrf Internet
tunnel protection ipsec profile IPSEC-profile shared
!
R2 mirrors this config but as soon as i add tun 121 with the following config i get connectivity to the 121
tunnel 121 i configured as follows:
interface Tunnel121
ip address 10.190.12.249 255.255.255.252
ip mtu 1376
ip tcp adjust-mss 1360
tunnel source Loopback810
tunnel destination xxx.xxx.xxx.xxx
tunnel vrf Internet
tunnel protection ipsec profile IPSEC-profile shared
!
Please advice if I am making some errors?
Also let me know if any more information is required on this.
Thanks in advance,
