Add Crypto map to an internal Interface...

Unanswered Question
Apr 15th, 2009

Hi All,

Assume that we have a 2-interface router.

Assume Fa0 is connected to internet and Fa1 is connected to local Lan and both interfaces with public addresses. Is there a way to have crypto map to the internal interface insted of the public interface? I remember I saw somewhere examples of crypto map assigned on the loopback address.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Wed, 04/15/2009 - 06:45

The crypto map has to be applied to he interface that receives the encrypted traffic, if your internal interface is going to receive that encrypted traffic then you will have no problem with that, however if the traffic is going to be received on the interface connected to the internet you need to apply the crypto map there. There is something else to do when you want to use another ip address than the one you have on the interface facing the internet, thatis the "local-address" feature, which allows you to use another ip address as the VPN source for identification.

crypto map local-address ifname


This Discussion