Jon Marshall Sun, 09/02/2007 - 08:41

Hi John

It depends on your IOS level. From cisco doc


IOS Configuration Note: With Cisco IOS 12.2(13)T and later codes (higher numbered T-train codes, 12.3 and later codes) the configured IPSEC "crypto map" only needs to be applied to the physical interface and is no longer required to be applied on the GRE tunnel interface. Having the "crypto map" on the physical and tunnel interface when using the 12.2.(13)T and later codes still works. However, it is highly recommended to apply it just on the physical interface.





This Discussion