Туннели с IPSEC защитой, из VRF
Есть одна особенность, при работе с VRF, нужно прописать Preshared key через isakmp profile: пример: interface Tunnel11 ip vrf forwarding VRF_TEST ip address 192.168.20.1 255.255.255.252 tunnel source GigabitEthernet0/0 tunnel mode ipsec ipv4 tunnel destination XX.XX.XX.XX tunnel vrf VRF_TEST tunnel protection ipsec profile IPSECPROF1 end crypto keyring KR1 vrf VRF_TEST pre-shared-key address XX.XX.XX.XX key SameKey crypto isakmp profile ISPROF1 keyring KR1 match identity address XX.XX.XX.XX VRF_TEST keepalive 10 retry 5 crypto ipsec transform-set TSET esp-3des esp-sha-hmac crypto ipsec profile IPSECPROF1 set transform-set TSET set pfs group2