6500 VPN question

Unanswered Question
Jan 9th, 2008
User Badges:


We have a 6500 with a SPA encryption card... on this router currently we use GRE with IPSEC. The GRE tunnels are sourced from the SPA card.

We have a customer that can't use GRE; we're going to try a non-GRE IPSEC tunnel.... my question is, since there isn't a tunnel interface that we can use to get the traffic running through the SPA encryption card, will the encryption module even come into play? I'm concerned that if the encryption card isn't in the packet path that the encryption won't work.

Here's the config I'm going to go with so far:

crypto isakmp policy 40

encr 3des

hash md5

authentication pre-share

group 2

crypto ipsec transform-set

TSI3_VF_Temp esp-3des esp-md5-hmac

crypto isakmp key UnKnownVPNkey$ address x.x.x.x

crypto map CRX0 141 ipsec-isakmp

set peer x.x.x.x

set transform-set TSI3_VF_Temp

match address ATLCRX _VF

int g0/0 crypto map CRX0


Lisa G

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion