Re: OT: EzVPN client in a VRF on 2800 ISR from George Goglidze on 2011-01-30 (Ccielab archives 01/2011)

From: George Goglidze <goglidze_at_gmail.com>
Date: Sun, 30 Jan 2011 13:00:55 +0000

can you attach a isakmp profile to ezvpn client ? I have tried but was not
able to.

On Sun, Jan 30, 2011 at 12:57 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com>wrote:

> Hi George,
>
> Have you tried making the same configuration using an ISAKAMP PROFILE?
> IIRC, there is an option to put a VRF in there, somewhere.
>
> Let us know how you get on please.
>
> Sadiq
>
> On Sun, Jan 30, 2011 at 10:28 AM, George Goglidze <goglidze_at_gmail.com>wrote:
>
>> Hi all,
>>
>> Does anybody know how to configure EzVPN client inside a VRF?
>> I have this sample config that does not work:
>>
>> same config worked fine as soon as I removed VRF from interfaces... the
>> rest
>> of config was left unchanged.
>>
>> Thanks,
>>
>> !
>> ip dhcp pool mypool
>> network 192.168.25.0 255.255.255.0
>> default-router 192.168.10.1
>> lease 8
>> !
>>
>> !
>> !
>> crypto isakmp policy 10
>> encr 3des
>> authentication pre-share
>> group 2
>>
>> !
>> !
>> !
>> crypto ipsec client ezvpn myvpn
>> connect manual
>> group mygroup key mykey
>> mode network-plus
>> peer 78.78.78.78
>> virtual-interface 1
>> xauth userid mode interactive
>> !
>>
>> !
>> !
>> !
>> !
>> !
>> interface Loopback0
>> ip vrf forwarding myvrf
>> ip address 1.1.1.1 255.255.255.255
>> !
>>
>> !
>> !
>> interface GigabitEthernet0/0
>> ip vrf forwarding myvrf
>> ip address 192.168.25.1 255.255.255.0
>> ip nat inside
>> ip virtual-reassembly
>> crypto ipsec client ezvpn myvpn inside
>> !
>> !
>> interface GigabitEthernet0/1
>> ip vrf forwarding myvrf
>> ip address dhcp
>> ip nat outside
>> ip virtual-reassembly
>> duplex auto
>> speed auto
>> crypto ipsec client ezvpn myvpn
>> !
>> interface Virtual-Template1 type tunnel
>> ip vrf forwarding myvrf
>> ip unnumbered Loopback0
>> tunnel mode ipsec ipv4
>>
>> ip route vrf myvrf 0.0.0.0 0.0.0.0 dhcp
>> !
>> ip nat inside source list 101 interface GigabitEthernet0/1 vrf myvrf
>> overload
>> !
>> access-list 101 permit ip 192.168.25.0 0.0.0.255 any
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> CCIEx2 (R&S|Sec) #19963

Blogs and organic groups at http://www.ccie.net
Received on Sun Jan 30 2011 - 13:00:55 ART

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART