Re: IPsec & VPNs

From: Ryan B (rbenigno@xxxxxxxx)
Date: Tue Mar 28 2000 - 14:14:24 GMT-3

• Next message: Stanley Seow: "RE: What to buy?"
• Previous message: Stanley Seow: "RE: IPsec & VPNs"
• Maybe in reply to: Martyn Rogers: "IPsec & VPNs"
• Next in thread: David L Stewart: "RE: IPsec & VPNs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
All of the configurations I've done and seen have the crypto maps applied to
the outgoing interface... This includes every reference I've seen on CCO

-Ryan

----- Original Message -----
From: Maljure, Sanjay <smaljure@cibernetworks.com>
To: 'Ryan B' <rbenigno@home.com>; Rob Ehlers
<ccieorbust@ns1.networkease.com>; Ronald Doyle <Ronald.Doyle@USKO.com>
Cc: 'Martyn Rogers' <martyn@oleander-oxon.freeserve.co.uk>;
<ccielab@groupstudy.com>
Sent: Tuesday, March 28, 2000 8:21 AM
Subject: RE: IPsec & VPNs

> I thought that the crypto map was applied to the ethernet interface if u
> needed
> to encrypt the traffic coming from hosts connected to the ethernet
> interface.
> This is the impression I got from the "Tech Tips" on the CCO
> Can u please confirm this?
> Sanjay
>
> Encrypting tunnel's is a bit diffrent then physical interfaces... First
you
> would setup the tunnel like normal, with all your protocols (routed and
> routing)... Once you are confident that the tunnel is working as desired
> (you're seeing routes from your routing protocols and traffic is flowing)
> you add the crypto maps. The trick is to apply the crypto map to both the
> physical and tunnel interface. Then, in your "match" ACL, you would only
> need to specify the actual GRE traffic...
>
> access-list 101 permit gre host TunnelSourceAddress host
> TunnelDestinationAddress
>
> I'm not sure exactly why you need to put the map on both the physical and
> tunnel interfaces, anyone know?
>
> -Ryan
>
> ----- Original Message -----
> From: Rob Ehlers <ccieorbust@ns1.networkease.com>
> To: Ronald Doyle <Ronald.Doyle@USKO.com>
> Cc: 'Martyn Rogers' <martyn@oleander-oxon.freeserve.co.uk>;
> <ccielab@groupstudy.com>
> Sent: Monday, March 27, 2000 11:30 AM
> Subject: RE: IPsec & VPNs
>
>
> > I have setup a couple of IPsec VPNs... one question I have it about
using
> > actual tunnel interfaces with this. Would you setup (lets say IPX) IPX
on
> > the tunnel on both sides... give it the source and destination address,
> > and then setup your crypto map to encrypt any outgoing tunnel traffic?
..
> > or is there some other way to intergrate IPSec and a Tunnel interface?
> >
> > Thanks!
> >
> > Rob
> >

• Next message: Stanley Seow: "RE: What to buy?"
• Previous message: Stanley Seow: "RE: IPsec & VPNs"
• Maybe in reply to: Martyn Rogers: "IPsec & VPNs"
• Next in thread: David L Stewart: "RE: IPsec & VPNs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:07 GMT-3