02-21-2013 12:37 PM - edited 02-21-2020 06:43 PM
Hello
I am trying to configure VRF-aware IPSEC with e Dynamic VTI. I follow the guidelines from the document
Acording to the example: "VRF-Aware IPsec with a Dynamic VTI When VRF is Configured Under an ISAKMP Profile" I should be able to configure both the vrf and virtual-template features under the same crypto isakmp policy.
Unfortunalety, if I try to do that, I receive the following message
R4(conf-isa-prof)#virtual-template 1
% VRF already set for isakmp profile. Virtual Template not allowed
Does anyody know why I am not able to follow the configuration from this example?
My profile confguration, and the virtual-template configuration are as follows
crypto isakmp profile A
vrf A
keyring A
match identity address 192.168.0.2 255.255.255.255
interface Virtual-Template1 type tunnel
ip unnumbered Loopback2
tunnel mode ipsec ipv4
tunnel protection ipsec profile A
I am doing the test on the IOS 12.4(11)XW3 runningon 3725 router.
Thank you in advance for any hints.
Regards
Lukas
Solved! Go to Solution.
02-25-2013 02:22 PM
Lukas,
I'm not sure but most likely this was not yet supported in 12.4.
The document you refer to is for IOS 15.2. I don't know by heart if your 3715 can run 15.2, otherwise give 15.1(4)Mx a try ?
hth
Herbert
02-25-2013 02:22 PM
Lukas,
I'm not sure but most likely this was not yet supported in 12.4.
The document you refer to is for IOS 15.2. I don't know by heart if your 3715 can run 15.2, otherwise give 15.1(4)Mx a try ?
hth
Herbert
02-25-2013 11:05 PM
Hello
OK, thank you.
I will check if I have any hardware supporting 15.2.
If not I will perform a test with 15.1(4).
Regards
Lukas
02-25-2013 11:09 PM
Hi
I have just check it on the ASR with 15.1 software and in fact it works.
Thank you one more time for your help
Regards
Lukas
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: