[nsp] IPSEC and IRB

From: Shiva (zhiva@pacbell.net)
Date: Mon Apr 29 2002 - 00:33:34 EDT


Hi,

I was trying to create a IPSEC tunnel between a 7206 running IRB and a 3640, where would the crypto maps be applied? Is it the physical interface, sub-if or the BVI or a combination thereof? The tunnel endpoints are the BVIs with public IPs. I have gotten other IPSEC tunnels with non-IRB cisco device-pairs working fine. Would appreciate any help/pointers to configs towards this, here is the relevant config snippet.

interface FastEthernet0/0
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/0.404
 encapsulation isl 404
 no ip redirects
 bridge-group 1
!
interface FastEthernet0/0.450
 encapsulation isl 450
 no ip redirects
 bridge-group 2
!
interface FastEthernet0/1
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/1.404
 encapsulation isl 404
 no ip redirects
 bridge-group 1
!
interface FastEthernet0/1.450
 encapsulation isl 450
 no ip redirects
 bridge-group 2
!
interface BVI1
 ip address 10.0.32.244 255.255.255.240
!
interface BVI2
 ip address xx.xx.xx.xxx 255.255.255.240

Thanks in advance.
 -shiva



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:42 EDT