Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
5
Helpful
3
Replies

IPSEC & bridge interface

epasqualotto
Level 1
Level 1

‎10-20-2009 06:28 AM - edited ‎03-06-2019 08:12 AM

Hi all, I have two 2801 that extend my lan using a 2Mbit SDH link.

I have bridged ethernet with serial interfaces on each router. (I can't use L2TPv3 or routing)

Now, how can I do if I want to encrypt traffic between serial interfaces?

I have tried with a crypto map on two serial and an access-list with "ip any any" but doesn't work.

Any suggestion?

Thanks Pasqu.

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎10-20-2009 09:34 AM

Pasqu

If I am understanding your post correctly you have configured the routers to do forwarding at layer 2 between Ethernet and Serial interfaces on each router and layer 2 forwarding between serial interfaces between routers. This means that you have disabled layer 3 processing of IP on those interfaces. But IPSec is an IP process (running at layer 3). I do not see how you can implement layer 3 IPSec on interfaces forwarding at layer 2.

Perhaps it might be possible to maintain the router config and to implement some external encryptor connecting at the serial interface and have it perform encryption.

HTH

Rick

HTH

Rick

epasqualotto
Level 1
Level 1
In response to Richard Burts

‎10-20-2009 01:31 PM

I have tried also to make a tunnel interface between serials and encrypt it (ipsec over gre).

But next I can't bridge ethernet with tunnel.

Pasqu.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to epasqualotto

‎10-20-2009 01:57 PM

Pasqu

Yes the IPSec with GRE wants to encrypt IP (layer 3) packets but you are bridging layer 2 Ethernet frames. So IPSec/GRE will not work. I do not have experience with it, but from what I have read I believe that L2TP may be your best chance at getting this to work - and I know that your original post says that you can not use L2TP. Other than the external encryptors I am not sure what could get this to work.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card