RE: IPsec & VPNs

From: Maljure, Sanjay (smaljure@xxxxxxxxxxxxxxxxx)
Date: Tue Mar 28 2000 - 13:21:17 GMT-3


   
I thought that the crypto map was applied to the ethernet interface if you
needed to encrypt the traffic coming from hosts connected to the ethernet
interface.
This is the impression I got from the "Tech Tips" on the CCO.
Can you please confirm this?
Sanjay

Encrypting tunnels is a bit different than physical interfaces... First you
would set up the tunnel like normal, with all your protocols (routed and
routing)... Once you are confident that the tunnel is working as desired
(you're seeing routes from your routing protocols and traffic is flowing)
you add the crypto maps. The trick is to apply the crypto map to both the
physical and tunnel interface. Then, in your "match" ACL, you would only
need to specify the actual GRE traffic...

access-list 101 permit gre host TunnelSourceAddress host TunnelDestinationAddress

I'm not sure exactly why you need to put the map on both the physical and
tunnel interfaces. Anyone know?

-Ryan

----- Original Message -----
From: Rob Ehlers <ccieorbust@ns1.networkease.com>
To: Ronald Doyle <Ronald.Doyle@USKO.com>
Cc: 'Martyn Rogers' <martyn@oleander-oxon.freeserve.co.uk>;
<ccielab@groupstudy.com>
Sent: Monday, March 27, 2000 11:30 AM
Subject: RE: IPsec & VPNs

> I have set up a couple of IPsec VPNs... one question I have is about using
> actual tunnel interfaces with this. Would you set up (let's say IPX) IPX on
> the tunnel on both sides... give it the source and destination address,
> and then set up your crypto map to encrypt any outgoing tunnel traffic? ..
> or is there some other way to integrate IPSec and a Tunnel interface?
>
> Thanks!
>
> Rob
>
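
The setup described in the thread above (a GRE tunnel carrying IPX, a "match" ACL that names only the GRE traffic, and the crypto map on both the tunnel and the physical interface), written out as an added example that is not part of the original messages. All addresses, the IPX network numbers, the pre-shared key, the interface names and the names GRE-TS and GRE-MAP are constructed placeholders; the peer router would mirror this with source and destination swapped.

```cisco
! Added example: constructed values, one side of the tunnel only.
ipx routing
!
! IKE phase 1 policy and pre-shared key for the remote tunnel endpoint
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-PSK-REPLACE-ME address 198.51.100.1
!
! IPsec transform set; transport mode is enough because GRE already
! encapsulates the routed and routing protocols
crypto ipsec transform-set GRE-TS esp-3des esp-sha-hmac
 mode transport
!
! The "match" ACL names only the GRE packets between the tunnel endpoints,
! not the IP or IPX traffic carried inside the tunnel
access-list 101 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-TS
 match address 101
!
! Tunnel interface: routed protocols are configured here, and the crypto map
! is applied as described in the thread
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 ipx network 1A
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
 crypto map GRE-MAP
!
! Physical interface that the GRE packets actually leave through:
! the same crypto map is applied here as well
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 crypto map GRE-MAP
```

After the tunnel comes up, `show crypto ipsec sa` should show the encrypt and decrypt packet counters rising as tunnel traffic flows. Cisco IOS 12.2(13)T and later need the crypto map only on the physical interface.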


