07-06-2007 07:47 AM - edited 03-03-2019 05:45 PM
Hi,
Appreciate advice on the following:
What would happen if the WAN link configured with encryption experienced a crypto or encryption problem/error? Will the traffic configured on the ACL from the source to the destination still pass through?
Thanks.
07-06-2007 07:56 AM
Yes, traffic from the source to the destination will pass. A VPN without encryption isn't much of a VPN. It's just an authenticated tunnel.
HTH, please rate if it does.
-amit singh
07-06-2007 08:01 AM
Hi,
Thanks for your reply.
Btw, as the ACL is configured under the crypto configuration, if crypto fails, will the ACL still apply for the source to destination? Or will the router treat the interface as having no ACL and pass all traffic?
Thanks.
07-06-2007 12:35 PM
Christina
Whether encryption is working or is not working, the ACL referenced in the crypto map is only used to determine which traffic should be protected by VPN. The ACL does not affect at all what traffic will go out the interface; it only affects what traffic will be processed by VPN before it is transmitted (or after it is received). So the router always treats the interface as having no ACL and passing all traffic (unless there is a separate ACL applied to the interface).
HTH
Rick
07-06-2007 08:58 PM
Christina,
As Rick said, the failure of the encryption will not affect the traffic passing through the interface, but it will definitely affect the encrypted traffic between the source and the destination if failure in the encryption brings down the VPN tunnel itself.
Say, for example, your access list is referencing some private source-destination pairs over the Internet VPN; any failure on the tunnel would mean dropping of this traffic.
HTH
Narayan
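The distinction discussed in this thread, shown as an added configuration example that is not part of the original posts: one ACL is referenced by the crypto map and only selects traffic for VPN protection, while a separate ACL applied with `ip access-group` is what actually filters the interface. All names (VPNMAP, TS), ACL numbers, interface, addresses and the key are constructed placeholders.

```cisco
! Constructed example. Addresses are documentation/private ranges,
! <PRESHARED-KEY> is a placeholder, names and numbers are hypothetical.
!
! ACL 101 is referenced only by the crypto map ("match address").
! It selects which traffic is handed to IPsec. It is not a filter on
! the interface: traffic that does not match it is simply not protected.
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY> address 192.0.2.2
!
crypto ipsec transform-set TS esp-aes esp-sha-hmac
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS
 match address 101
!
! ACL 110 is the separate interface ACL. Without it the WAN interface
! has no packet filter at all, whatever ACL 101 says. Here it admits
! only IKE and ESP from the VPN peer and logs everything else.
! Whether the inbound interface ACL is also applied to the packet after
! decryption depends on the IOS release; where it is, the inner
! 10.2.2.0/24 -> 10.1.1.0/24 flow needs its own permit line as well.
access-list 110 permit udp host 192.0.2.2 host 192.0.2.1 eq isakmp
access-list 110 permit esp host 192.0.2.2 host 192.0.2.1
access-list 110 deny ip any any log
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map VPNMAP
 ip access-group 110 in
```

`show crypto map` lists the ACL the crypto map matches on, and `show ip interface Serial0/0` reports which access list, if any, is applied inbound and outbound on the interface.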