ESR Series Routers Operation Manual 77
esr(config)# security ipsec vpn ipsec1
esr(config-ipsec-vpn)# mode ike
esr(config-ipsec-vpn)# ike establish-tunnel immediate
esr(config-ipsec-vpn)# ike gateway ike_gw1
esr(config-ipsec-vpn)# ike ipsec-policy ipsec_pol1
esr(config-ipsec-vpn)# enable
esr(config-ipsec-vpn)# exit
esr(config)# exit
You can view the state of the tunnel using the following command:
esr# show security ipsec vpn status ipsec1
You can view the configuration of the tunnel using the following command:
esr# show security ipsec vpn configuration ipsec1
7.20 LT-tunnels configuration
LT (logical tunnel) is a type of tunnel dedicated to the transmission of routing information and traffic
between different virtual routers (VRF Lite) configured on a router. An LT-tunnel can be used to
organize interaction between two or more VRFs using firewall restrictions.
Objective: Organize interaction between hosts terminated in two VRFs, vrf_1 and vrf_2.
Initial configuration:
hostname esr
ip vrf vrf_1
exit
ip vrf vrf_2
exit
interface gigabitethernet 1/0/1
ip vrf forwarding vrf_1
ip firewall disable
ip address 10.0.0.1/24
exit
interface gigabitethernet 1/0/2
ip vrf forwarding vrf_2
ip firewall disable
ip address 10.0.1.1/24
exit
Solution:
Create an LT-tunnel for each VRF, specifying IP addresses from one subnet:
esr(config)# tunnel lt 1
esr(config-lt)# ip vrf forwarding vrf_1
esr(config-lt)# ip firewall disable
esr(config-lt)# ip address 192.168.0.1/30
esr(config-lt)# exit
esr(config)# tunnel lt 2
esr(config-lt)# ip vrf forwarding vrf_2
esr(config-lt)# ip firewall disable
esr(config-lt)# ip address 192.168.0.2/30
esr(config-lt)# exit
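A check that can be run over an exported configuration of this layout, added here as an example and not part of the manual or the vendor's tooling: it lists every interface and tunnel block where the firewall is disabled and confirms that the LT-tunnels share one subnet and sit in different VRFs. The function names, the sample text and the assumption that the firewall is active unless "ip firewall disable" appears are this example's own.

```python
import ipaddress

# Constructed sample in the manual's flat "block ... exit" layout, taken from
# the configuration on this page (one interface and both LT-tunnels).
SAMPLE_CONFIG = """\
interface gigabitethernet 1/0/1
ip vrf forwarding vrf_1
ip firewall disable
ip address 10.0.0.1/24
exit
tunnel lt 1
ip vrf forwarding vrf_1
ip firewall disable
ip address 192.168.0.1/30
exit
tunnel lt 2
ip vrf forwarding vrf_2
ip firewall disable
ip address 192.168.0.2/30
exit
"""

def parse_blocks(text):
    """Map each interface/tunnel header to its VRF, firewall state and address."""
    blocks, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip().lower()
        if line.startswith(("interface ", "tunnel ")):
            # Assumption: the firewall is active unless explicitly disabled.
            cur = blocks.setdefault(line, {"vrf": None, "firewall": True, "address": None})
        elif line == "exit":
            cur = None
        elif cur is not None and line.startswith("ip vrf forwarding "):
            cur["vrf"] = line.split()[-1]
        elif cur is not None and line == "ip firewall disable":
            cur["firewall"] = False
        elif cur is not None and line.startswith("ip address "):
            cur["address"] = ipaddress.ip_interface(line.split()[-1])
    return blocks

def audit(text):
    """Report unfiltered blocks and whether the LT-tunnel pair is consistent."""
    blocks = parse_blocks(text)
    lt = [b for name, b in blocks.items() if name.startswith("tunnel lt ") and b["address"]]
    return {
        "firewall_disabled": sorted(n for n, b in blocks.items() if not b["firewall"]),
        "lt_same_subnet": len({b["address"].network for b in lt}) == 1,
        "lt_distinct_vrfs": len({b["vrf"] for b in lt}) == len(lt),
    }
```

Calling audit(SAMPLE_CONFIG) returns a dictionary; any entry under "firewall_disabled" is a block where traffic between the VRFs is not filtered.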