Hi all,
In a lab I have a simple VPN between 2 routers back to back:
R1
int fa0/0
ip add 10.100.12.1 255.255.255.0
!
int lo0
ip add 1.1.1.1 255.255.255.0
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp key CLIENT1 address 10.100.12.2
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN_CMAP 10 ipsec-isakmp
set peer 10.100.12.2
set transform-set ESP-3DES-SHA
match address TO_CLIENT
!
interface fa0/0
crypto map VPN_CMAP
!
ip access-list extended TO_CLIENT
permit ip host 1.1.1.1 host 2.2.2.2
!
ip route 0.0.0.0 0.0.0.0 10.100.12.2
R2
int fa0/0
ip add 10.100.12.2 255.255.255.0
!
int lo0
ip add 2.2.2.2 255.255.255.0
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp key CLIENT1 address 10.100.12.1
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN_CMAP 10 ipsec-isakmp
set peer 10.100.12.1
set transform-set ESP-3DES-SHA
match address TO_SERVER
!
interface fa0/0
crypto map VPN_CMAP
!
ip access-list extended TO_SERVER
permit ip host 2.2.2.2 host 1.1.1.1
!
ip route 0.0.0.0 0.0.0.0 10.100.12.1
Say if I wanted to take the loopback0 interface on R1 and put it in a
different VRF table so on R1:
ip vrf TEST_VRF
rd1:1
int lo0
ip vrf forwarding TEST_VRF
ip address 1.1.1.1 255.255.255.255
Is there a way I can modify my VPN so I can still have 1.1.1.1 and 2.2.2.2
talk to each other or do I need to go for easy VPN at this point?
Cheers!
Evan
Blogs and organic groups at http://www.ccie.net
Received on Fri Feb 05 2010 - 11:57:29 ART
This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART