From: Rob Ehlers (ccieorbust@xxxxxxxxxxxxxxxxxxx)
Date: Tue Mar 28 2000 - 19:53:06 GMT-3
I don't know why either, but I just tried it out in my lab... and it
does need to be in both places... got it working fine, thanks for the
info!
Rob
On Tue, 28 Mar 2000, Ryan B wrote:
> Encrypting tunnels is a bit different than physical interfaces... First you
> would set up the tunnel like normal, with all your protocols (routed and
> routing)... Once you are confident that the tunnel is working as desired
> (you're seeing routes from your routing protocols and traffic is flowing)
> you add the crypto maps. The trick is to apply the crypto map to both the
> physical and tunnel interface. Then, in your "match" ACL, you would only
> need to specify the actual GRE traffic...
>
> access-list 101 permit gre host TunnelSourceAddress host TunnelDestinationAddress
>
> I'm not sure exactly why you need to put the map on both the physical and
> tunnel interfaces, anyone know?
>
> -Ryan
>
> ----- Original Message -----
> From: Rob Ehlers <ccieorbust@ns1.networkease.com>
> To: Ronald Doyle <Ronald.Doyle@USKO.com>
> Cc: 'Martyn Rogers' <martyn@oleander-oxon.freeserve.co.uk>;
> <ccielab@groupstudy.com>
> Sent: Monday, March 27, 2000 11:30 AM
> Subject: RE: IPsec & VPNs
>
>
> > I have set up a couple of IPsec VPNs... one question I have is about using
> > actual tunnel interfaces with this. Would you set up (let's say IPX) IPX on
> > the tunnel on both sides... give it the source and destination address,
> > and then set up your crypto map to encrypt any outgoing tunnel traffic? ..
> > or is there some other way to integrate IPSec and a Tunnel interface?
> >
> > Thanks!
> >
> > Rob
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:07 GMT-3
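
The setup described in the thread, written out for one router as an added example (not configuration posted by anyone in the thread). The addresses, the key placeholder, the IPX network number, the names GRE-VPN and GRE-TS, and the 3DES/SHA choices are all assumptions made for illustration.

```cisco
! Router A -- constructed example. Local 192.0.2.1, peer 198.51.100.1
! (documentation addresses). Router B mirrors this with the addresses swapped.
ipx routing
!
! IKE phase 1 (assumed parameters; both ends must agree)
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
! IPsec phase 2 transform set (assumed choice)
crypto ipsec transform-set GRE-TS esp-3des esp-sha-hmac
!
! The crypto map protects only what ACL 101 matches: the GRE packets themselves
crypto map GRE-VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-TS
 match address 101
!
! Step 1: tunnel carrying the routed protocols (IP and IPX here).
! Confirm routes and traffic over the tunnel before adding the crypto map.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ipx network 100
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
 crypto map GRE-VPN
!
! Step 2: the same crypto map on the physical interface the GRE packets leave by
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 crypto map GRE-VPN
!
! "match" ACL: GRE between tunnel source and tunnel destination only.
! IPX and routing-protocol traffic is already inside GRE, so it needs no entry.
access-list 101 permit gre host 192.0.2.1 host 198.51.100.1
!
! Checks after applying:
!   show crypto map          (map bound to both Tunnel0 and Serial0)
!   show crypto ipsec sa     (encaps/decaps counters rise with tunnel traffic)
```

Cisco's later documentation states that from IOS 12.2(13)T onward the crypto map is applied to the physical interface only, so the both-interfaces requirement discussed here applies to earlier releases.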