Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1618
Views
0
Helpful
3
Replies

VRF-Aware IPsec with a Dynamic VTI

Go to solution
lukaszkhalil
Level 1
Level 1

‎02-21-2013 12:37 PM - edited ‎02-21-2020 06:43 PM

Hello

I am trying to configure VRF-aware IPSEC with e Dynamic VTI. I follow the guidelines from the document

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_vpnips/configuration/15-2mt/sec-ipsec-virt-tunnl.html#GUID-C0A165BF-5866-4B13-BD73-0892B7E65488

Acording to the example: "VRF-Aware IPsec with a Dynamic VTI When VRF is Configured Under an ISAKMP Profile" I should be able to configure both the vrf and virtual-template features under the same crypto isakmp policy.

Unfortunalety, if I try to do that, I receive the following message

R4(conf-isa-prof)#virtual-template 1

% VRF already set for isakmp profile. Virtual Template not allowed

Does anyody know why I am not able to follow the configuration from this example?

My profile confguration, and the virtual-template configuration are as follows

crypto isakmp profile A

   vrf A

   keyring A

   match identity address 192.168.0.2 255.255.255.255

interface Virtual-Template1 type tunnel

ip unnumbered Loopback2

tunnel mode ipsec ipv4

tunnel protection ipsec profile A

I am doing the test on the IOS 12.4(11)XW3 runningon 3725 router.

Thank you in advance for any hints.

Regards

Lukas

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Herbert Baerten
Cisco Employee
Cisco Employee

‎02-25-2013 02:22 PM

Lukas,

I'm not sure but most likely this was not yet supported in 12.4.

The document you refer to is for IOS 15.2. I don't know by heart if your 3715 can run 15.2, otherwise give 15.1(4)Mx a try ?

hth

Herbert

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Herbert Baerten
Cisco Employee
Cisco Employee

‎02-25-2013 02:22 PM

Lukas,

I'm not sure but most likely this was not yet supported in 12.4.

The document you refer to is for IOS 15.2. I don't know by heart if your 3715 can run 15.2, otherwise give 15.1(4)Mx a try ?

hth

Herbert

0 Helpful

Go to solution
lukaszkhalil
Level 1
Level 1
In response to Herbert Baerten

‎02-25-2013 11:05 PM

Hello

OK, thank you.

I will check if I have any hardware supporting 15.2.

If not I will perform a test with 15.1(4).

Regards

Lukas

0 Helpful

Go to solution
lukaszkhalil
Level 1
Level 1
In response to lukaszkhalil

‎02-25-2013 11:09 PM

Hi

I have just check it on the ASR with 15.1 software and in fact it works.

Thank you one more time for your help

Regards

Lukas

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents