IPsec-protected tunnels from a VRF
There is one peculiarity when working with a VRF: the pre-shared key has to be configured through an ISAKMP profile.
Example:
interface Tunnel11
 ip vrf forwarding VRF_TEST
 ip address 192.168.20.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination XX.XX.XX.XX
 tunnel vrf VRF_TEST
 tunnel protection ipsec profile IPSECPROF1
end
crypto keyring KR1 vrf VRF_TEST
 pre-shared-key address XX.XX.XX.XX key SameKey
crypto isakmp profile ISPROF1
 keyring KR1
 match identity address XX.XX.XX.XX VRF_TEST
 keepalive 10 retry 5
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
crypto ipsec profile IPSECPROF1
 set transform-set TSET
 set pfs group2
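A configuration audit for the rule above, as an added example (not part of the original post): for every protected tunnel it checks that a keyring in the tunnel's VRF holds a key for the tunnel destination and that an ISAKMP profile selects that keyring for the same peer and VRF. The function names and the sample address 192.0.2.1, which stands in for XX.XX.XX.XX, are assumptions made for this sketch.

```python
import re

# Constructed sample in the page's layout; 192.0.2.1 stands in for XX.XX.XX.XX.
SAMPLE = """interface Tunnel11
 tunnel destination 192.0.2.1
 tunnel vrf VRF_TEST
 tunnel protection ipsec profile IPSECPROF1
crypto keyring KR1 vrf VRF_TEST
 pre-shared-key address 192.0.2.1 key SameKey
crypto isakmp profile ISPROF1
 keyring KR1
 match identity address 192.0.2.1 VRF_TEST
"""
MATCH_ID = re.compile(r"match identity address (\S+)(?: [\d.]+)?(?: (\S+))?$")

def sections(config):
    """Map each 'interface'/'crypto' parent line to its sub-commands."""
    out, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if re.match(r"(interface|crypto) ", line):
            cur = out.setdefault(line, [])
        elif cur is not None and line not in ("", "!", "end"):
            cur.append(line)
    return out

def arg(body, prefix):
    """First argument of the first sub-command starting with prefix."""
    return next((b[len(prefix):].split()[0] for b in body if b.startswith(prefix)), None)

def audit(config):
    """List protected tunnels that lack a PSK path in their front-door VRF."""
    sec, findings, rings = sections(config), [], {}
    for head, body in sec.items():  # keyring -> (vrf, peers with a PSK)
        m = re.match(r"crypto keyring (\S+)(?: vrf (\S+))?$", head)
        if m:
            rings[m[1]] = (m[2], {b.split()[2] for b in body if b.startswith("pre-shared-key address ")})
    # (keyring, peer, fvrf) triples that some isakmp profile selects
    reach = {(arg(body, "keyring "), m[1], m[2]) for head, body in sec.items()
             if head.startswith("crypto isakmp profile ") for m in map(MATCH_ID.match, body) if m}
    for head, body in sec.items():
        dst, fvrf = arg(body, "tunnel destination "), arg(body, "tunnel vrf ")
        if not (head.startswith("interface Tunnel") and dst and arg(body, "tunnel protection ")):
            continue
        ok = [k for k, (v, peers) in rings.items() if v == fvrf and dst in peers]
        if not ok:
            findings.append(f"{head}: no keyring in VRF {fvrf} has a key for {dst}")
        elif not any((k, dst, fvrf) in reach for k in ok):
            findings.append(f"{head}: no isakmp profile matches {dst} in VRF {fvrf}")
    return findings
```

The parser keys on the leading `interface` or `crypto` keyword rather than on indentation, so it also accepts a configuration pasted with the leading spaces stripped.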