From: Joe A (GroupStudy@xxxxxxxxxxx)
Date: Thu Jul 25 2002 - 13:08:35 GMT-3
You need the crypto map on both interfaces, though there has never been a
real good explanation of why. You then need to match only GRE traffic to
make it work.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Anthony Pace
Sent: Wednesday, July 24, 2002 8:32 PM
To: ccielab@groupstudy.com
Subject: IPSEC and GRE
To encrypt a GRE tunnel is it best to apply the crypto map to the GRE
tunnel interface or the real interface(s) the traffic will ultimatly
traverse. If the answer is both, then do I set up the access-list to
encrypt all IP or just GRE traffic.
I would think that if you applied the map to the real interface, and
the ACL matched GRE then it would work.
I would think that if you appplied the map to the GRE, and the ACL
matched all IP then it would also work.
The examples I have seen put it on both. What is the difference and
does it matter?
Anthony Pace
-- Anthony Pace anthonypace@fastmail.fm-- http://fastmail.fm - Email service worth paying for. Try it for free.
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:43 GMT-3