Re: IPsec - loopback

From: Alec (clapun@graduate.hku.hk)
Date: Sat Mar 06 2004 - 00:00:05 GMT-3

• Next message: William Chen: "Re: Forwarding UDP Broadcasts (not all-1's)"
• Previous message: Church, Chuck: "RE: Cisco NM-1V !"
• Maybe in reply to: Franck ccie: "IPsec - loopback"
• Next in thread: onwude daniel: "RE: IPsec - loopback"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I don't think PIX support loopback interface ? Please correct me if wrong.

alec
----- Original Message -----
From: "Richard Dumoulin" <richard.dumoulin@vanco.es>
To: "Richard Dumoulin" <richard.dumoulin@vanco.es>; "Franck ccie"
<cciefrank@hotmail.com>; <ccielab@groupstudy.com>
Sent: Saturday, March 06, 2004 9:01 AM
Subject: RE: IPsec - loopback

> I see several solutions here.
>
> If you're not using GRE then one possible way would be to use DPD (Dead
> Peer Detection)or IKE keepalives and configure your crypto map with two
"set
> peer" commands. This way when your primary link becomes unavailable the
> remote site will be able to negociate IPSec with the secondary link.
>
> Another solution would be to configure 2 gre tunnels over both links, with
> EIGRP inside. Then just manipulate the delay to prefer one path over the
> other,
>
> --Richard
>
>
> -----Mensaje original-----
> De: Franck ccie [mailto:cciefrank@hotmail.com]
> Enviado el: viernes, 05 de marzo de 2004 21:03
> Para: ccielab@groupstudy.com
> Asunto: IPsec - loopback
>
>
> Does anyone tried IPSEC on cisco routers using loopback addresses? We
> need this implementation because we have redundant paths and we need
> IPSEC to
> be always up even if one of the link fails.
> Thanks
>
> ------------------------------------------------------------------------
>
> MSN Messenger : discutez en direct avec vos amis ! Cliquez-ici
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: William Chen: "Re: Forwarding UDP Broadcasts (not all-1's)"
• Previous message: Church, Chuck: "RE: Cisco NM-1V !"
• Maybe in reply to: Franck ccie: "IPsec - loopback"
• Next in thread: onwude daniel: "RE: IPsec - loopback"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:15 GMT-3