Testuje Flex VPN Spoke-2-Spoke i mam problem, gdyż traffic pomiędzy spokami dalej leci mi przez huba. W logach widze, ze Virtuall-Access dla komunikacji spoke-2-spoke nie wstaje
Kod: Zaznacz cały
spoke2#
*Jul 21 10:44:07.028: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to do
wn
Kod: Zaznacz cały
interface Virtual-Template1 type tunnel
vrf forwarding LAN
ip unnumbered Loopback0
ip mtu 1340
no ip next-hop-self eigrp 100
no ip split-horizon eigrp 100
ip nhrp network-id 1
ip nhrp redirect
ip summary-address eigrp 100 0.0.0.0 0.0.0.0
ip tcp adjust-mss 1300
tunnel source GigabitEthernet1
tunnel path-mtu-discovery
tunnel vrf INET
tunnel protection ipsec profile IPSEC-IKEV2
end
Kod: Zaznacz cały
interface Tunnel1
vrf forwarding LAN
ip address negotiated
ip nhrp network-id 1
ip nhrp shortcut virtual-template 1
ip nhrp redirect
tunnel source GigabitEthernet1
tunnel destination dynamic
tunnel vrf INET
tunnel protection ipsec profile IPSEC-IKEV2
interface Virtual-Template1 type tunnel
ip unnumbered Tunnel1
ip nhrp network-id 1
ip nhrp shortcut virtual-template 1
ip nhrp redirect
tunnel protection ipsec profile IPSEC-IKEV2
Kod: Zaznacz cały
spoke2#sh ip route vrf LAN
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
D* 0.0.0.0/0 [90/27008000] via 192.168.1.1, 00:28:38, Tunnel1
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.16.1.3/32 is directly connected, Loopback100
C 172.16.2.0/24 is directly connected, Loopback1
L 172.16.2.1/32 is directly connected, Loopback1
192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Tunnel1
S 192.168.1.1/32 is directly connected, Tunnel1
L 192.168.1.16/32 is directly connected, Tunnel1
Kod: Zaznacz cały
spoke2#sh crypto session
Crypto session current status
Interface: Tunnel1
Profile: IKEV2-PROFILE
Session status: UP-ACTIVE
Peer: 150.1.1.2 port 500
Session ID: 9
IKEv2 SA: local 152.1.1.2/500 remote 150.1.1.2/500 Active
IPSEC FLOW: permit 47 host 152.1.1.2 host 150.1.1.2
Active SAs: 2, origin: crypto map
Interface: Virtual-Access1
Profile: IKEV2-PROFILE
Session status: DOWN-NEGOTIATING
Peer: 151.1.1.2 port 500
Session ID: 13
IKEv2 SA: local 152.1.1.2/500 remote 151.1.1.2/500 Inactive
IPSEC FLOW: permit 47 host 152.1.1.2 host 151.1.1.2
Active SAs: 0, origin: crypto map
Pozdro,