VPN terminated on Loopback IP

Abu-Mahmoud · ‎10-06-2008

Hi all,

I'm willing to configure a VPN client on my 2691 router [run IOS ver. 12.4(15)T7]. the network setup is quite simple, as following

ADSL router --> VPN router

I've configured a loopback 0 to terminate the VPN sessions but to no avail, for curiosity reason I've tried to terminate the VPN on the Fa0/0 and amazingly working fine.

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration address-pool local dynpool

!

crypto isakmp client configuration group hasan-gr

key hasan-key

dns 10.0.0.2

wins 10.0.0.2

pool dynpool

!

crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 1

set transform-set transform-1

reverse-route

!

crypto map dynmap isakmp authorization list hasan-gr

crypto map dynmap client configuration address respond

crypto map dynmap 1 ipsec-isakmp dynamic dynmap

!

interface Loopback0

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

crypto map dynmap

!

interface FastEthernet0/0

ip address 10.0.0.60 255.255.255.0

ip nat outside

ip virtual-reassembly

speed 100

full-duplex

ip nat source static 192.168.1.1 10.0.0.131

ip local pool dynpool 192.168.74.200 192.168.74.220

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.0.0.2

any helpful comments will be higly appreciated..

Regards,

cisco24x7 · ‎10-06-2008

Your loopback 0 needs to be visible for this

to work.

Richard Burts · ‎10-06-2008

For the VPN tunnel to work when terminated on the loopback it would also be necessary to configure the crypto map local-address command. By default the crypto will use the address of the outbound interface. So when terminating the VPN on the physical interface local-address is not needed. To use the loopback you need the configuration command to change the address used from the physical outbound interface to the loopback.

HTH

Rick

HTH

Rick