We have a 6500 with a SPA encryption card... on this router currently we use GRE with IPSEC. The GRE tunnels are sourced from the SPA card.
We have a customer that can't use GRE; we're going to try a non-GRE IPSEC tunnel.... my question is, since there isn't a tunnel interface that we can use to get the traffic running through the SPA encryption card, will the encryption module even come into play? I'm concerned that if the encryption card isn't in the packet path that the encryption won't work.
Here's the config I'm going to go with so far:
crypto isakmp policy 40
crypto ipsec transform-set
TSI3_VF_Temp esp-3des esp-md5-hmac
crypto isakmp key UnKnownVPNkey$ address x.x.x.x
crypto map CRX0 141 ipsec-isakmp
set peer x.x.x.x
set transform-set TSI3_VF_Temp
match address ATLCRX _VF
int g0/0 crypto map CRX0