[c-nsp] IPSec crypto map on MPLS enabled interface?
Gert Doering
gert at greenie.muc.de
Sat Mar 13 06:30:57 EST 2010
Hi,
On Thu, Mar 11, 2010 at 06:53:46PM +0100, Peter Rathlev wrote:
> Yes, and though I would like to use VTI the other end are not able to.
> So that's a no go.
This surprises me somewhat. The config variant you use to configure the
IPSEC stuff on your end should be completely transparent to the other
side, as long as the resulting packets match:
- IKE phase 1 + 2 proposals
- IKE phase 2 SA (= with crypto maps: tied to ACL lines)
- protocol stacking (IP-in-GRE-in-IPSEC?)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20100313/480fac2d/attachment.bin>
More information about the cisco-nsp
mailing list