GRE over IPSEC question

Unanswered Question
Feb 21st, 2008

I'm studying for the ISCW exam and I couldn't find an answer in the cisco press material. Where do you apply the crypto map statment for GRE over IPSEC, under the phyisical interface or under the tunnel interface? I've read places that its under the physical, but then searching for configs on, they have it applied on both. Thanks in advanced.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Collin Clark Fri, 02/22/2008 - 12:52

In the old days you needed it on both, but as of version (I don't remember I'll see if I can find it) you only have to apply it to the tunnel interface. You won't be tested on it, but I'll see if I can find out the version for you.


dtushing123 Thu, 02/28/2008 - 13:45

I apply my crypto-map statements to the physical interface and not the tunnel interface.

Code 12.3 on a 3745.

aciscolook Tue, 07/08/2008 - 11:46

I had the same question.

In practice I've always placed crypto map on physical interface.

Richard Burts Tue, 07/08/2008 - 11:51

I am sure that Collin misspoke when he mentioned putting the crypto map on the tunnel instead of the physical interface. His point is quite right that in older code it went on both physical and tunnel interfaces. I believe that it was somewhere in 12.3T code that it changed and now the crypto map is placed only on the physical interface.



michael.leblanc Tue, 07/08/2008 - 14:55

With Cisco IOS Software Release 12.2(13)T and later codes, the configured IPSec crypto map only needs to be applied to the physical interface.

It is no longer required to be applied on the GRE tunnel interface.

It will likely work if you apply it on both interfaces, however, it is "highly recommended" to apply it only on the physical interface with newer releases.


This Discussion