Re: OT: EzVPN client in a VRF on 2800 ISR

From: George Goglidze <goglidze_at_gmail.com>
Date: Sun, 30 Jan 2011 19:51:29 +0000

sorry about that Radioactive,
forgot to add to the config use vrf on dhcp.

I've changed it so many times now, removing vrf and adding it again.
DHCP makes no difference for tunnel creation though!

will send debugs when I can, thanks.

On Sun, Jan 30, 2011 at 1:46 PM, Radioactive Frog <pbhatkoti_at_gmail.com> wrote:

>
> Just had a quick look at your configuration:
> looks like DHCP is not VRF'd...
>
> ----------------------------------------------------------------
>
> ip dhcp pool mypool
>  network 192.168.25.0 255.255.255.0
>  default-router 192.168.10.1
>  lease 8
>
> Shouldn't this be something like:
>
> ip dhcp pool TEST
>  vrf myvrf
>  network 192.168.25.0 255.255.255.0
>  default-router 192.168.10.1
>  lease 8
>
> ----------------------------------
>
> send debugs of isakmp and ipsec
>
>
> On Mon, Jan 31, 2011 at 12:00 AM, George Goglidze <goglidze_at_gmail.com> wrote:
>
>> can you attach an isakmp profile to ezvpn client? I have tried but was not
>> able to.
>>
>> On Sun, Jan 30, 2011 at 12:57 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
>>
>> > Hi George,
>> >
>> > Have you tried making the same configuration using an ISAKMP PROFILE?
>> > IIRC, there is an option to put a VRF in there, somewhere.
>> >
>> > Let us know how you get on please.
>> >
>> > Sadiq
>> >
>> > On Sun, Jan 30, 2011 at 10:28 AM, George Goglidze <goglidze_at_gmail.com> wrote:
>> >
>> >> Hi all,
>> >>
>> >> Does anybody know how to configure EzVPN client inside a VRF?
>> >> I have this sample config that does not work:
>> >>
>> >> same config worked fine as soon as I removed VRF from interfaces... the
>> >> rest of config was left unchanged.
>> >>
>> >> Thanks,
>> >>
>> >> !
>> >> ip dhcp pool mypool
>> >>  network 192.168.25.0 255.255.255.0
>> >>  default-router 192.168.10.1
>> >>  lease 8
>> >> !
>> >> crypto isakmp policy 10
>> >>  encr 3des
>> >>  authentication pre-share
>> >>  group 2
>> >> !
>> >> crypto ipsec client ezvpn myvpn
>> >>  connect manual
>> >>  group mygroup key mykey
>> >>  mode network-plus
>> >>  peer 78.78.78.78
>> >>  virtual-interface 1
>> >>  xauth userid mode interactive
>> >> !
>> >> interface Loopback0
>> >>  ip vrf forwarding myvrf
>> >>  ip address 1.1.1.1 255.255.255.255
>> >> !
>> >> interface GigabitEthernet0/0
>> >>  ip vrf forwarding myvrf
>> >>  ip address 192.168.25.1 255.255.255.0
>> >>  ip nat inside
>> >>  ip virtual-reassembly
>> >>  crypto ipsec client ezvpn myvpn inside
>> >> !
>> >> interface GigabitEthernet0/1
>> >>  ip vrf forwarding myvrf
>> >>  ip address dhcp
>> >>  ip nat outside
>> >>  ip virtual-reassembly
>> >>  duplex auto
>> >>  speed auto
>> >>  crypto ipsec client ezvpn myvpn
>> >> !
>> >> interface Virtual-Template1 type tunnel
>> >>  ip vrf forwarding myvrf
>> >>  ip unnumbered Loopback0
>> >>  tunnel mode ipsec ipv4
>> >>
>> >> ip route vrf myvrf 0.0.0.0 0.0.0.0 dhcp
>> >> !
>> >> ip nat inside source list 101 interface GigabitEthernet0/1 vrf myvrf overload
>> >> !
>> >> access-list 101 permit ip 192.168.25.0 0.0.0.255 any
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> > --
>> > CCIEx2 (R&S|Sec) #19963
>>
>>

Received on Sun Jan 30 2011 - 19:51:29 ART
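
The check raised in the quoted reply (does the DHCP pool carry the same VRF as the interface whose subnet it serves?), as an added Python example that is not part of the original thread. The function names are hypothetical and the sample config is constructed by trimming the configuration quoted above.

```python
import ipaddress

# Constructed sample: stanzas trimmed from the configuration quoted in the thread.
SAMPLE_CONFIG = """\
ip dhcp pool mypool
 network 192.168.25.0 255.255.255.0
 default-router 192.168.10.1
!
interface GigabitEthernet0/0
 ip vrf forwarding myvrf
 ip address 192.168.25.1 255.255.255.0
"""

def stanzas(config, keyword):
    """Yield (name, body_lines) for every top-level stanza that starts with keyword."""
    name, body = None, []
    for line in config.splitlines() + ["!"]:      # trailing "!" flushes the last stanza
        if line[:1].isspace():                    # indented line: a sub-command
            if name is not None:
                body.append(line.strip())
            continue
        if name is not None:
            yield name, body
        name, body = None, []
        if line.startswith(keyword + " "):
            name = line[len(keyword) + 1:].strip()

def field(body, prefix):
    """Return the arguments of the first sub-command starting with prefix, or None."""
    return next((l[len(prefix) + 1:] for l in body if l.startswith(prefix + " ")), None)

def dhcp_vrf_mismatches(config):
    """Return (pool, interface, interface_vrf, pool_vrf) where the two VRFs differ."""
    ifaces = []
    for name, body in stanzas(config, "interface"):
        addr = (field(body, "ip address") or "").split()
        if len(addr) >= 2:                        # skips "ip address dhcp"
            net = ipaddress.ip_interface(f"{addr[0]}/{addr[1]}").network
            ifaces.append((name, net, field(body, "ip vrf forwarding")))
    findings = []
    for pool, body in stanzas(config, "ip dhcp pool"):
        net_args = (field(body, "network") or "").split()
        if len(net_args) < 2:
            continue
        pool_net, pool_vrf = ipaddress.ip_network("/".join(net_args[:2])), field(body, "vrf")
        findings += [(pool, n, v, pool_vrf) for n, net, v in ifaces
                     if net.overlaps(pool_net) and v != pool_vrf]
    return findings
```

The checker expects sub-commands to be indented, as in a `show running-config` listing.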

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART