Re: VPN VTI based from Piotr Matusiak on 2012-01-03 (Ccielab archives 01/2012)

From: Piotr Matusiak <pitt2k_at_gmail.com>
Date: Tue, 3 Jan 2012 20:38:47 +0100

What's your VTI client config? I bet you forgot to configure
virtual-template and assign virtual-interface to it.

Regards,

--
Piotr Matusiak
CCIE #19860 (R&S, Security), CCSI #33705
Technical Instructor
website: www.MicronicsTraining.com <http://www.micronicstraining.com/>
blog: www.ccie1.com
If you can't explain it simply, you don't understand it well enough -
Albert Einstein
2012/1/2 amin <amin_at_axizo.com>
> Hi experts,
>
>
>
> I have configured a VTI based VPN server  on a Cisco router, and the remote
> site is a Cisco router that is beside a 3G nat device, the VTI interface
> keep flapping between up and down
>
>  th
>
> *Jan  2 19:11:24.844: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Virtual-Access33, changed state to down
>
> *Jan  2 19:11:28.316: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Virtual-Access33, changed state to up
>
> *Jan  2 19:12:28.364: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Virtual-Access33, changed state to down
>
> *Jan  2 19:12:32.248: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Virtual-Access33, changed state to up
>
>
>
> Even I tried to see the virtual-access interface to discover more
> virtual-access interfaces with the same setting for the remote client, any
> hint about that
>
>
>
> interface Virtual-Access32
>
>  ip unnumbered Dialer1
>
>  tunnel source 217.66.227.245
>
>  tunnel destination 91.135.102.167
>
>  tunnel mode ipsec ipv4
>
>  tunnel protection ipsec profile SDM_Profile2
>
>  no tunnel protection ipsec initiate
>
> !
>
> interface Virtual-Access31
>
>  ip unnumbered Dialer1
>
>  tunnel source 217.66.227.245
>
>  tunnel destination 188.64.204.72
>
>  tunnel mode ipsec ipv4
>
>  tunnel protection ipsec profile SDM_Profile2
>
>  no tunnel protection ipsec initiate
>
> end
>
>
>
> interface Virtual-Access30
>
>  ip unnumbered Dialer1
>
>  tunnel source 217.66.227.245
>
>  tunnel destination 46.28.137.232
>
>  tunnel mode ipsec ipv4
>
>  tunnel protection ipsec profile SDM_Profile2
>
>  no tunnel protection ipsec initiate
>
>
>
>
>
> Regards,
>
> Amin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Tue Jan 03 2012 - 20:38:47 ART

This archive was generated by hypermail 2.2.0 : Thu Feb 02 2012 - 11:52:51 ART