Crypto map and VTI tunnel source on same interface

Unanswered Question
Feb 1st, 2010
User Badges:


What can I do if I have one interface facing the internet and it need to be tunell source for VTI and at the same time I should apply crypto map because

that router is easy VPN server? For example, is this configuration possible:

interface fastethernet 0/0

ip address x.x.x.x

crypto-map VPN



interface tunnel 0

ip address y.y.y.y

tunnel source fastethernet 0/0

tunnel destination z.z.z.z

tunnel mode ipsec ipv4

tunnel protection ipsec profile VPN_TO_BR


crypto ipsec transform-set VPN_TS esp-3des esp-sha-hmac


crypto ipsec profile VPN_TO_BR

set transform-set VPN_TS


crypto-map VPN

match address 101

set transform set VPN_TS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion