Cisco 3825 and EZVPN

Apr 24th, 2007

My ISP does not route the IP they gave me for my serial interface. So, I set up my router to use Loopback 0 for the VPN interface.

My issue is that it appears I need to apply the crypto map to both the serial and the loopback in order for authentication to work. This then messes up the dynamic route setup by the VPN when a remote client establishes a connection.

Instead of routing through the tunnel back to the client, it sets the route to the public IP based on the serial interface.

I am authenticating correctly and I can see packets coming in from the remote client but return packets get routed out the serial interface instead of the tunnel.

Has anyone used the loopback to land the VPN? Is it possible or should I try to get my ISP to route my serial IP?



adamcball Tue, 04/24/2007 - 13:07

I figured out my issue. You can only apply the crypto map to the physical interface; you then need to have crypto map local-address specified for it to use the loopback.

Once I did that, everything worked like a charm.
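The fix described in the post above, as an added example that is not part of the original thread: a small Python check run over two constructed IOS config fragments, one with the crypto map on both interfaces and one with it on the serial interface plus a local-address statement. The map name CMAP, the interface numbers and the addresses are placeholders, and the check assumes the VPN is meant to terminate on a loopback.

```python
import re

# Constructed sample configs; CMAP, interface names and addresses are placeholders.
BROKEN = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
 crypto map CMAP
!
interface Serial0/0/0
 ip address 198.51.100.2 255.255.255.252
 crypto map CMAP
"""

FIXED = """\
crypto map CMAP local-address Loopback0
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
interface Serial0/0/0
 ip address 198.51.100.2 255.255.255.252
 crypto map CMAP
"""

def audit(config):
    """Return findings about crypto map placement in IOS config text."""
    findings = []
    # Global statements of the form: crypto map <name> local-address <interface>
    local_addr = dict(re.findall(r"^crypto map (\S+) local-address (\S+)", config, re.M))
    iface, applied = None, {}  # applied: map name -> interfaces it is bound to
    for line in config.splitlines():
        if not line.startswith(" "):
            # Any unindented line ends the previous interface block.
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        elif iface:
            m = re.fullmatch(r" crypto map (\S+)", line.rstrip())
            if m:
                applied.setdefault(m.group(1), []).append(iface)
    for name, ifaces in applied.items():
        for i in ifaces:
            if i.lower().startswith("loopback"):
                findings.append(f"{name}: applied to {i}; apply it only to the physical interface")
        # Assumption: the tunnel endpoint should be a loopback, so local-address is required.
        if name not in local_addr:
            findings.append(f"{name}: no 'crypto map {name} local-address <interface>' statement")
    return findings
```

Calling audit(BROKEN) reports both problems from the original question, and audit(FIXED) returns an empty list.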

