Re: OT: EzVPN client in a VRF on 2800 ISR

Hi George,

Have you tried making the same configuration using an ISAKAMP PROFILE? IIRC,
there is an option to put a VRF in there, somewhere.

Let us know how you get on please.

Sadiq

On Sun, Jan 30, 2011 at 10:28 AM, George Goglidze <goglidze_at_gmail.com>wrote:

> Hi all,
>
> Does anybody know how to configure EzVPN client inside a VRF?
> I have this sample config that does not work:
>
> same config worked fine as soon as I removed VRF from interfaces... the
> rest
> of config was left unchanged.
>
> Thanks,
>
> !
> ip dhcp pool mypool
> network 192.168.25.0 255.255.255.0
> default-router 192.168.10.1
> lease 8
> !
>
> !
> !
> crypto isakmp policy 10
> encr 3des
> authentication pre-share
> group 2
>
> !
> !
> !
> crypto ipsec client ezvpn myvpn
> connect manual
> group mygroup key mykey
> mode network-plus
> peer 78.78.78.78
> virtual-interface 1
> xauth userid mode interactive
> !
>
> !
> !
> !
> !
> !
> interface Loopback0
> ip vrf forwarding myvrf
> ip address 1.1.1.1 255.255.255.255
> !
>
> !
> !
> interface GigabitEthernet0/0
> ip vrf forwarding myvrf
> ip address 192.168.25.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
> crypto ipsec client ezvpn myvpn inside
> !
> !
> interface GigabitEthernet0/1
> ip vrf forwarding myvrf
> ip address dhcp
> ip nat outside
> ip virtual-reassembly
> duplex auto
> speed auto
> crypto ipsec client ezvpn myvpn
> !
> interface Virtual-Template1 type tunnel
> ip vrf forwarding myvrf
> ip unnumbered Loopback0
> tunnel mode ipsec ipv4
>
> ip route vrf myvrf 0.0.0.0 0.0.0.0 dhcp
> !
> ip nat inside source list 101 interface GigabitEthernet0/1 vrf myvrf
> overload
> !
> access-list 101 permit ip 192.168.25.0 0.0.0.255 any
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
CCIEx2 (R&S|Sec) #19963
Blogs and organic groups at http://www.ccie.net