Re: Applying crypto map...

From: Jay Hennigan (jay@west.net)
Date: Wed Aug 18 2004 - 11:27:59 GMT-3

Next message: kasturi cisco: "Re: switchport mode access command"
Previous message: joedeleonardo@cox.net: "RE: Applying crypto map..."
Maybe in reply to: Todd Carswell: "Applying crypto map..."
Next in thread: Mark Lewis: "RE: Applying crypto map..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Wed, 18 Aug 2004, Todd Carswell wrote:

> For IPSec, is it possible to apply a crypto map to a Tunnel
> interface? I've come to the conclusion that you can only apply them to
> physical interfaces.

It is IOS-dependent.

See:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml

   "OS Configuration Note: With Cisco IOS 12.2(13)T and later codes
    (higher numbered T-train codes, 12.3 and later codes) the configured
    IPSEC "crypto map" only needs to be applied to the physical interface
    and is no longer required to be applied on the GRE tunnel interface.
    Having the "crypto map" on the physical and tunnel interface when
    using the 12.2.(13)T and later codes still works. However, it is
    highly recommended to apply it just on the physical interface."

--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/

Next message: kasturi cisco: "Re: switchport mode access command"
Previous message: joedeleonardo@cox.net: "RE: Applying crypto map..."
Maybe in reply to: Todd Carswell: "Applying crypto map..."
Next in thread: Mark Lewis: "RE: Applying crypto map..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:45 GMT-3