route issue?
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles Sent: Monday, October 25, 2010 6:46 AM To: [email protected] Subject: [OSL | CCIE_Security] EzVPN server with VRF Hi all I am trying out EzVPN server with VRF. When I have the network behind the EzVPN server in a VRF and EzVPN local endpoint without VRF, it works fine. When I have the local endpoint also configured for VRF then I am not able to connect to the server. I am seeing the issue both with legacy and VTI based VPN. I guess, the server is trying to reach the clients in the global routing instead of VRF table. Please let me know, what I am missing? VRF with legacy EzVPN server ip vrf king rd 12:34 crypto isakmp client configuration group king key cisco pool addr crypto ipsec transform-set tran esp-3des esp-sha-hmac crypto dynamic-map dynmap set transform-set tran reverse-route crypto map cisco 1 ipsec-isakmp dynamic dynmap crypto map cisco isakmp authorization ez crypto map cisco client authentication list ez crypto map cisco client configuration address respond interface G0/0 ip vrf forwarding king ip address 10.20.30.40 255.255.255.0 crypto map cisco interface G0/1 ip vrf forwarding king ip address 20.10.30.40 255.255.255.0 VRF with new VTI based EzVPN server ip vrf king rd 12:34 crypto isakmp profile prof match identity group king client authentication list ez isakmp authorization list ez client configuration address respond virtual-template 1 crypto ipsec transform-set tran esp-3des esp-sha-hmac crypto ipsec profile prof set transform-set tran set isakmp-profile prof interface G0/0 ip vrf forwarding king ip address 10.20.30.40 255.255.255.0 interface G0/1 ip vrf forwarding king ip address 20.10.30.40 255.255.255.0 interface Virtual-Template1 type tunnel ip vrf forwarding king ip unnumbered GigabitEthernet0/0 tunnel source GigabitEthernet0/0 tunnel mode ipsec ipv4 tunnel vrf king tunnel protection ipsec profile prof With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
