RE: Applying crypto maps -- Tunnel, Physical or both?

From: Biondino, Joseph (joseph.biondino@au.unisys.com)
Date: Thu Jun 12 2003 - 21:47:30 GMT-3

• Next message: Hughes, Gordon: "LS1010"
• Previous message: John Matijevic: "eigrp and metric"
• Maybe in reply to: Todd Carswell: "Applying crypto maps -- Tunnel, Physical or both?"
• Next in thread: Fabrice Bobes: "RE: Applying crypto maps -- Tunnel, Physical or both?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi;

I disagree; When running IPSEC with GRE you encrypt GRE traffic running over
the Physical interface, thus you need to apply the crypto map to the
physical interface.

Kind regards,

Joseph Biondino
Network Specialist
UNISYS
Network Command Centre

115 - 117 Wicks Rd
North Ryde NSW 2113
Phone: 02 9857 3149
Group: 02 9390 1107
Fax: 02 9857 3122

 -----Original Message-----
From: Fabrice Bobes [mailto:study@6colabs.com]
Sent: Friday, 13 June 2003 8:46 AM
To: Leo Seto; Todd Carswell; ccielab@groupstudy.com
Subject: RE: Applying crypto maps -- Tunnel, Physical or both?

(Sorry if it's a duplicate but I don't think this message went through
the first time.)

Todd and Leo,

My understanding is that you should apply it to the Tunnel interface
only but it doesn't hurt to apply it also on the physical interface.
On older releases, you needed to apply the crypto map on both the Tunnel
interface and the physical interface.
I don't see the point of applying the crypto map on the loopback
interface, traffic is not flowing through it. Maybe I am missing
something here.
In other words you should have something like:

Crypto map vpn local-address lo0
Int lo0
 Ip add x.x.x.x 255.255.255.0
Int e0
 Ip add y.y.y.y 255.255.255.0
Int tu0
 Ip add z.z.z.z 255.255.255.0
 Crypto map vpn

Thanks,

Fabrice
http://www.6colabs.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Leo Seto
Sent: Thursday, June 12, 2003 12:32 PM
To: Todd Carswell; ccielab@groupstudy.com
Subject: RE: Applying crypto maps -- Tunnel, Physical or both?

put it on the tunnel and loopback. Then you might try a:

crypto map [MYMAP] local-address [loopbackX]

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/
secu
r_r/sec_c2g.htm#1073947

HTH

-Leo

CCIE #11664

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Todd Carswell
Sent: Thursday, June 12, 2003 8:54 AM
To: ccielab@groupstudy.com
Subject: Applying crypto maps -- Tunnel, Physical or both?

I've got a basic VPN config w/ GRE tunnels. My tunnel source is loo0 on
both ends of the VPN. Where should I apply my crypto map? The tunnel,
the loopback, or the physical interface? All three???

Thx

Todd

• Next message: Hughes, Gordon: "LS1010"
• Previous message: John Matijevic: "eigrp and metric"
• Maybe in reply to: Todd Carswell: "Applying crypto maps -- Tunnel, Physical or both?"
• Next in thread: Fabrice Bobes: "RE: Applying crypto maps -- Tunnel, Physical or both?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:10:57 GMT-3