Quick Question:IPSEC/GRE Crypto Map

Unanswered Question
Sep 2nd, 2007
User Badges:

Where is it better to apply the crypto map statement in an IPSEC/GRE setup? Is it advisable to apply it on the GRE interface or on the outgoing physical interface? Thanks.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Sun, 09/02/2007 - 08:41
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi John

It depends on your IOS level. From cisco doc


IOS Configuration Note: With Cisco IOS 12.2(13)T and later codes (higher numbered T-train codes, 12.3 and later codes) the configured IPSEC "crypto map" only needs to be applied to the physical interface and is no longer required to be applied on the GRE tunnel interface. Having the "crypto map" on the physical and tunnel interface when using the 12.2.(13)T and later codes still works. However, it is highly recommended to apply it just on the physical interface.





This Discussion