What happens when encryption fails on the WAN link?

Unanswered Question
Jul 6th, 2007


Appreciate advice on the following:

What would happen if the WAN link configured with encryption experienced a crypto or encryption problem/error? Will the traffic configured on the ACL from the source to the destination still pass through?


Overall Rating: 3 (1 ratings)
Amit Singh Fri, 07/06/2007 - 07:56

Yes, traffic from the source to the destination will pass. A VPN without encryption isn't much of a VPN. It's just an authenticated tunnel.

HTH, please rate if it does.

-amit singh

neo_christina Fri, 07/06/2007 - 08:01


Thanks for your reply.

BTW, as the ACL is configured under the crypto configuration, if crypto fails, will the ACL still apply for the source to destination? Or will the router treat the interface as having no ACL and pass all traffic?


Richard Burts Fri, 07/06/2007 - 12:35


Whether encryption is working or is not working, the ACL referenced in the crypto map is only used to determine which traffic should be protected by VPN. The ACL does not affect at all what traffic will go out the interface; it only affects what traffic will be processed by VPN before it is transmitted (or after it is received). So the router always treats the interface as having no ACL and passing all traffic (unless there is a separate ACL applied to the interface).



royalblues Fri, 07/06/2007 - 20:58


As Rick said, the failure of the encryption will not affect the traffic passing through the interface, but it will definitely affect the encrypted traffic between the source and the destination if the failure in the encryption brings down the VPN tunnel itself.

Say, for example, your access-list is referencing some private source-destination pairs over the Internet VPN; any failure on the tunnel would mean dropping of this traffic.
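The behavior described in the last two replies, as an added example that is not part of the original thread: a simplified Python model (not IOS code) in which the crypto map ACL only selects traffic for VPN processing and never filters the interface. The ACL entries, addresses and the `fate` and `report` helpers are constructed for illustration, and the model assumes no separate ACL is applied to the interface.

```python
import ipaddress

def parse_ace(line):
    """Parse 'permit|deny ip <src> <wildcard> <dst> <wildcard>' (extended ACL subset)."""
    action, proto, src, swild, dst, dwild = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return action, (to_int(src), to_int(swild)), (to_int(dst), to_int(dwild))

def wild_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def selected_for_vpn(crypto_acl, src, dst):
    """First-match evaluation; a deny or no match means 'not protected by VPN'."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, (sb, sw), (db, dw) in crypto_acl:
        if wild_match(s, sb, sw) and wild_match(d, db, dw):
            return action == "permit"
    return False

def fate(crypto_acl, src, dst, tunnel_up):
    if not selected_for_vpn(crypto_acl, src, dst):
        # The crypto ACL is a selector, not a filter: unmatched traffic still leaves.
        return "forwarded in clear text"
    return "forwarded encrypted" if tunnel_up else "dropped"

# Constructed sample crypto ACL and flows (hypothetical addresses).
CRYPTO_ACL = [parse_ace(l) for l in (
    "deny ip 10.1.1.0 0.0.0.255 10.2.2.128 0.0.0.127",
    "permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255",
)]
FLOWS = [("10.1.1.10", "10.2.2.20"), ("10.1.1.10", "10.2.2.200"),
         ("10.1.1.10", "198.51.100.7")]

def report(tunnel_up):
    """Map each sample flow to its outcome for the given tunnel state."""
    return {f: fate(CRYPTO_ACL, f[0], f[1], tunnel_up) for f in FLOWS}

if __name__ == "__main__":
    for up in (True, False):
        for flow, result in report(up).items():
            print(f"tunnel_up={up} {flow[0]} -> {flow[1]}: {result}")
```

Flows that come back as "forwarded in clear text" are the ones a separate interface ACL would have to cover if they must never leave the WAN link unencrypted.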



