[c-nsp] Can you apply crypto map to SVI
Andy Saykao
andy.saykao at staff.netspace.net.au
Wed Jun 17 00:17:45 EDT 2009
Hi Ge,
This is being implemented on a Cisco 7606 (SUP720) running
12.2(18)SXF16.
Thanks.
Andy
-----Original Message-----
From: Ge Moua [mailto:moua0100 at umn.edu]
Sent: Wednesday, 17 June 2009 2:15 PM
To: Andy Saykao
Cc: cisco-nsp at puck.nether.net
Subject: Re: Can you apply crypto map to SVI
Maybe; I've seen a situation with the me-6524 with the crypto commands
available but functionality disabled. What hardware platform are you
running?
Regards,
Ge Moua | Email: moua0100 at umn.edu
Network Design Engineer
University of Minnesota | Networking & Telecommunications Services
Andy Saykao wrote:
> Hi Ge,
>
> Yes I see an active crypto engine in "software".
>
> core1#sh cry engine configuration
>
> crypto engine name: unknown
> crypto engine type: software
> serial number: 00016956
> crypto engine state: installed
> crypto engine in slot: N/A
> platform: Cisco Software Crypto Engine
>
> Encryption Process Info:
> input queue size: 500
> input queue top: 0
> input queue bot: 0
> input queue count: 0
>
> Crypto Adjacency Counts:
> Lock Count: 0
> Unlock Count: 0
> crypto lib version: 17.0.0
> ipsec lib version: 2.0.0
>
> Does this mean that if the crypto map is applied to the SVI that the
> IPSEC tunnel should be working (considering my IPSEC config is all
> good).
>
> Thanks.
>
> Andy
>
> -----Original Message-----
> From: Ge Moua [mailto:moua0100 at umn.edu]
> Sent: Tuesday, 16 June 2009 7:03 PM
> To: Andy Saykao
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Can you apply crypto map to SVI
>
> Yes, this should work contigent on hw plaform. If you do a "sh cry
> engine" do you see an active crypto engine in sw or hw? If not then
> the crypto commands will never be invoked even though legal.
>
> Regards,
> Ge Moua | Email: moua0100 at umn.edu
>
> Network Design Engineer
> University of Minnesota | Networking & Telecommunications Services
>
>
>
> Andy Saykao wrote:
>
>> Hi All,
>>
>> Got a problem with a site-to-site IPSEC vpn implementation where one
>> end is using SVI.
>>
>> Does any body know if a crypto map can be applied to a SVI to bring
>> up
>>
>
>
>> the IPSEC tunnel? It accepts the command but I can't pass any traffic
>> to/from it.
>>
>> interface vlan 10
>> crypto map MY-MAP
>>
>> Or do you need to apply the crypto map to a physical interface?
>>
>> I've gotten it working on a sub-interface (eg: interface
>> GigabitEthernet0/0.11) but can't find any documentation that talks
>> about applying it to a SVI and whether this will work.
>>
>> Thanks.
>>
>> Andy
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they
>>
> are addressed.
>
>> Please notify the sender immediately by email if you have received
>> this email by mistake and delete this email from your system. Please
>> note that any views or opinions presented in this email are solely
>> those of the author and do not necessarily represent those of the
>>
> organisation.
>
>> Finally, the recipient should check this email and any attachments
>> for
>>
>
>
>> the presence of viruses. The organisation accepts no liability for
>> any
>>
>
>
>> damage caused by any virus transmitted by this email.
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
More information about the cisco-nsp
mailing list