VRF-Aware IPsec VPN
!
! Base system settings for router R2: log timestamps, CEF, the VRF
! definition and configuration-change archiving.
version 12.4
! Stamp debug and log messages with date/time at millisecond resolution.
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with this service off, any password entered in clear text
! (type 0) stays readable in the configuration. Type 7 is reversible
! obfuscation only, so secrets are better protected with type 5 secrets
! or type 6 key encryption where the image supports them.
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
! AAA is disabled, so authentication relies on what is configured per line.
no aaa new-model
memory-size iomem 5
! Removes the rate limit on ICMP unreachable messages this router generates.
! NOTE(review): without the limit, a burst of undeliverable packets makes the
! router answer each one; this setting is common in lab/emulator configs.
! Confirm it is intended before reusing the config elsewhere.
no ip icmp rate-limit unreachable
ip cef
!
! VRF used by both addressed interfaces and by the crypto configuration.
! No rd or route-target is defined in this listing.
ip vrf CITRIX_BYPASS
!
! Do not try to resolve unknown names through DNS.
no ip domain lookup
!
multilink bundle-name authenticated
!
! Configuration change logger; hidekeys keeps passwords and keys out of the
! logged command text.
! NOTE(review): no "logging enable" is shown under "log config". Confirm the
! logger is actually turned on.
archive
log config
hidekeys
!
! IKE phase 1 for the single peer 10.1.1.1.
! Keyring KEY is bound to VRF CITRIX_BYPASS, i.e. the peer address is looked
! up in that VRF (front-door VRF).
crypto keyring KEY vrf CITRIX_BYPASS
! NOTE(review): the pre-shared key is a short, well-known word kept in clear
! text. Peer authentication is only as strong as this key: use a long random
! value (or certificate authentication), and consider type 6 key encryption
! (key config-key password-encrypt + password encryption aes) where the
! image supports it.
pre-shared-key address 10.1.1.1 key cisco
!
! ISAKMP policy 10: 3DES encryption, pre-shared-key authentication,
! Diffie-Hellman group 2. No hash or lifetime is set, so the IOS defaults
! apply (verify with "show crypto isakmp policy").
! NOTE(review): 3DES and DH group 2 are legacy choices. Both peers must offer
! the same proposal, so moving to AES and a larger group (5, or 14+ where the
! image supports it) has to be coordinated with the 10.1.1.1 side.
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
! ISAKMP profile IKE ties the pieces together: "vrf" is the inside VRF for
! the protected traffic, "keyring" selects KEY, and "match identity" accepts
! only the host 10.1.1.1 arriving in VRF CITRIX_BYPASS.
crypto isakmp profile IKE
vrf CITRIX_BYPASS
keyring KEY
match identity address 10.1.1.1 255.255.255.255 CITRIX_BYPASS
!
!
! IPsec phase 2. Transform set IPSEC uses ESP with 3DES encryption and
! HMAC-SHA integrity; no mode is given, so the default mode applies.
! NOTE(review): 3DES is a legacy cipher. An AES transform (for example
! esp-aes 256) must be configured on both peers at the same time.
crypto ipsec transform-set IPSEC esp-3des esp-sha-hmac
!
! Crypto map MAP, sequence 10: negotiate SAs via ISAKMP with peer 10.1.1.1,
! using transform set IPSEC and ISAKMP profile IKE, for traffic selected by
! access-list 199.
! NOTE(review): no "set pfs" is shown, so phase 2 keys are presumably derived
! without a fresh Diffie-Hellman exchange. Confirm whether PFS is required.
crypto map MAP 10 ipsec-isakmp
set peer 10.1.1.1
set transform-set IPSEC
set isakmp-profile IKE
match address 199
! Reverse route injection: install routes for the remote protected network
! when the tunnel is built.
reverse-route
!
!!
! Wait 5 seconds for a TCP connection attempt to complete before giving up.
ip tcp synwait-time 5
!
! Peer-facing interface: placed in VRF CITRIX_BYPASS, on the same /24 as the
! IPsec peer 10.1.1.1, with crypto map MAP applied.
! NOTE(review): no inbound access-group is shown here. If this segment is not
! fully trusted, consider an ACL that admits only IKE and ESP from 10.1.1.1
! plus whatever else is required.
interface FastEthernet0/0
ip vrf forwarding CITRIX_BYPASS
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
crypto map MAP
!
! Inside interface: same VRF, subnet 10.1.2.0/24, which is the source network
! that access-list 199 selects for encryption.
interface FastEthernet0/1
ip vrf forwarding CITRIX_BYPASS
ip address 10.1.2.2 255.255.255.0
duplex auto
speed auto
!
! Static routing, management services and the crypto access list.
ip forward-protocol nd
! Route to the remote network 172.25.1.0/24 via the peer, once in the global
! table and once in VRF CITRIX_BYPASS.
! NOTE(review): both addressed interfaces in this listing are in the VRF, so
! the global-table next hop 10.1.1.1 has no connected network visible here.
! The global route looks unused; confirm before relying on it.
ip route 172.25.1.0 255.255.255.0 10.1.1.1
ip route vrf CITRIX_BYPASS 172.25.1.0 255.255.255.0 10.1.1.1
!
!
! HTTP and HTTPS management servers are both disabled.
no ip http server
no ip http secure-server
!
! Crypto ACL referenced by "match address 199": traffic from 10.1.2.0/24 to
! 172.25.1.0/24 is protected by IPsec. The peer is expected to carry the
! mirror-image entry. Traffic outside this entry is not encrypted.
access-list 199 permit ip 10.1.2.0 0.0.0.255 172.25.1.0 0.0.0.255
!
!
! Control-plane section is present but has no service-policy attached.
control-plane
!
!
! Console and auxiliary lines: idle timeout disabled (exec-timeout 0 0) and
! sessions start at privilege level 15.
! NOTE(review): no login method or password is shown on these lines, so
! anyone with physical or modem access appears to get privileged exec without
! authenticating, and an abandoned session never closes. Outside a lab, add
! authentication, drop the default privilege level and set a finite
! exec-timeout.
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
! VTY lines require login, but no password is shown in this listing.
! NOTE(review): presumably remote logins are refused until a password or
! local/AAA authentication is configured; confirm. When remote management is
! enabled, restrict it with "transport input ssh" and an access-class.
line vty 0 4
login
!
!
end