Just had a quick look at your configuraiton:
looks like DHCP is not VRF'd...
----------------------------------------------------------------
ip dhcp pool mypool
network 192.168.25.0 255.255.255.0
default-router 192.168.10.1
lease 8
Shouldn't this be something like:
ip dhcp pool TEST
vrf myvrf
network 192.168.25.0 255.255.255.0
default-router 192.168.10.1
lease 8
----------------------------------
send debugs of isakmp and ipsec
On Mon, Jan 31, 2011 at 12:00 AM, George Goglidze <goglidze_at_gmail.com>wrote:
> can you attach a isakmp profile to ezvpn client ? I have tried but was not
> able to.
>
> On Sun, Jan 30, 2011 at 12:57 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com
> >wrote:
>
> > Hi George,
> >
> > Have you tried making the same configuration using an ISAKAMP PROFILE?
> > IIRC, there is an option to put a VRF in there, somewhere.
> >
> > Let us know how you get on please.
> >
> > Sadiq
> >
> > On Sun, Jan 30, 2011 at 10:28 AM, George Goglidze <goglidze_at_gmail.com
> >wrote:
> >
> >> Hi all,
> >>
> >> Does anybody know how to configure EzVPN client inside a VRF?
> >> I have this sample config that does not work:
> >>
> >> same config worked fine as soon as I removed VRF from interfaces... the
> >> rest
> >> of config was left unchanged.
> >>
> >> Thanks,
> >>
> >> !
> >> ip dhcp pool mypool
> >> network 192.168.25.0 255.255.255.0
> >> default-router 192.168.10.1
> >> lease 8
> >> !
> >>
> >> !
> >> !
> >> crypto isakmp policy 10
> >> encr 3des
> >> authentication pre-share
> >> group 2
> >>
> >> !
> >> !
> >> !
> >> crypto ipsec client ezvpn myvpn
> >> connect manual
> >> group mygroup key mykey
> >> mode network-plus
> >> peer 78.78.78.78
> >> virtual-interface 1
> >> xauth userid mode interactive
> >> !
> >>
> >> !
> >> !
> >> !
> >> !
> >> !
> >> interface Loopback0
> >> ip vrf forwarding myvrf
> >> ip address 1.1.1.1 255.255.255.255
> >> !
> >>
> >> !
> >> !
> >> interface GigabitEthernet0/0
> >> ip vrf forwarding myvrf
> >> ip address 192.168.25.1 255.255.255.0
> >> ip nat inside
> >> ip virtual-reassembly
> >> crypto ipsec client ezvpn myvpn inside
> >> !
> >> !
> >> interface GigabitEthernet0/1
> >> ip vrf forwarding myvrf
> >> ip address dhcp
> >> ip nat outside
> >> ip virtual-reassembly
> >> duplex auto
> >> speed auto
> >> crypto ipsec client ezvpn myvpn
> >> !
> >> interface Virtual-Template1 type tunnel
> >> ip vrf forwarding myvrf
> >> ip unnumbered Loopback0
> >> tunnel mode ipsec ipv4
> >>
> >> ip route vrf myvrf 0.0.0.0 0.0.0.0 dhcp
> >> !
> >> ip nat inside source list 101 interface GigabitEthernet0/1 vrf myvrf
> >> overload
> >> !
> >> access-list 101 permit ip 192.168.25.0 0.0.0.255 any
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> >
> > --
> > CCIEx2 (R&S|Sec) #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Jan 31 2011 - 00:46:39 ART
This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART