CSR Configuration

The configuration of VTI IPsec tunnels on CSR peer router instances is almost identical to the configuration of GRE-over-IPsec tunnels on CSR peer router instances. The only difference in the configurations is tunnel mode.

For VTI IPsec tunnels, tunnel mode must be set to ipsec instead of gre (for GRE-over-IPsec tunnels, tunnel mode must be set to gre.)

This example shows a basic VTI IPsec tunnel configuration for a CSR peer router instance.

Example

switch(config)#interface Tunnel0
switch(config-if)#ip address 1.0.3.1 255.255.255.0 
switch(config-if)#tunnel source 10.3.31.30 
switch(config-if)#tunnel destination 10.2.201.149 
switch(config-if)#tunnel mode ipsec ipv4 
switch(config-if)#tunnel protection ipsec profile vrouter-ikev1-ipsec-profile
Note: Make sure you use the correct procedure based on the version of IKE you need to use.