Think so all IP outgoing/incomming interfaces relevant to the IPSEC destination .... I'm using IPSEC and TUNNEL interface, and it is
a MUST to have it on BOTH interfaces...(external and tunnel)
cheers
alex
-----Original Message-----
From: Shiva [mailto:zhiva@pacbell.net]
Sent: Monday, April 29, 2002 6:34 AM
To: cisco-nsp@puck.nether.net
Subject: [nsp] IPSEC and IRB
Hi,
I was trying to create a IPSEC tunnel between a 7206 running IRB and a 3640, where would the crypto maps be applied? Is it the
physical interface, sub-if or the BVI or a combination thereof? The tunnel endpoints are the BVIs with public IPs. I have gotten
other IPSEC tunnels with non-IRB cisco device-pairs working fine. Would appreciate any help/pointers to configs towards this, here
is the relevant config snippet.
interface FastEthernet0/0
no ip address
duplex full
speed 100
!
interface FastEthernet0/0.404
encapsulation isl 404
no ip redirects
bridge-group 1
!
interface FastEthernet0/0.450
encapsulation isl 450
no ip redirects
bridge-group 2
!
interface FastEthernet0/1
no ip address
duplex full
speed 100
!
interface FastEthernet0/1.404
encapsulation isl 404
no ip redirects
bridge-group 1
!
interface FastEthernet0/1.450
encapsulation isl 450
no ip redirects
bridge-group 2
!
interface BVI1
ip address 10.0.32.244 255.255.255.240
!
interface BVI2
ip address xx.xx.xx.xxx 255.255.255.240
Thanks in advance.
-shiva
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:11:55 EDT