Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
472
Views
3
Helpful
4
Replies

what happens when encrytion fail on the WAN link?

neo_christina
Level 1
Level 1

‎07-06-2007 07:47 AM - edited ‎03-03-2019 05:45 PM

Hi,

Appreciate advise on the following:

what would happen on the WAN link configured with encryption experienced crypto or encryption problem/error? will the traffic configured on the ACL from the source to the destination still pass through?

Thanks.

Labels:
0 Helpful
4 Replies 4

Amit Singh
Cisco Employee
Cisco Employee

‎07-06-2007 07:56 AM

Yes, traffic from the source to the destination will pass. A VPN without encryption isn't much of a VPN. It's just an authenticated tunnel.

HTH,please rate if it does.

-amit singh

neo_christina
Level 1
Level 1
In response to Amit Singh

‎07-06-2007 08:01 AM

Hi,

thanks for your reply.

btw, as the ACL is configured under the crypto configuration, if crypto fails, will the ACL still apply for the source to destination? or will the router treat the interface as having no ACL and pass all traffic?

Thanks.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to neo_christina

‎07-06-2007 12:35 PM

Christina

Whether encryption is working or is not working the ACL referenced in the crypto map is only used to determine which traffic should be protected by VPN. The ACL does not affect at all what traffic will go out the interface, it only affects what traffic will be processed by VPN before it is transmitted (or after it is received). So the router always treats the interface as having no ACL and passing all traffic (unless there is a separate ACL applied to the interface).

HTH

Rick

HTH

Rick
0 Helpful

royalblues
Level 10
Level 10
In response to Richard Burts

‎07-06-2007 08:58 PM

Christina,

As Rick said the failure of the encryption will not affect the traffic passing through the interface but it will definitely affect the encrypted traffic between the source and the destination if failure in the encryption brings down the VPN tunnel itself.

Say for eg your access-list is referencing some private source-destination pairs over the internet VPN, any failure on the tunnel would mean dropping of this traffic.

HTH

Narayan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card