Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

ipsec (tunnel mode) what would be source ip address?

HI everybody.

Please consider the following ipsec config:

crypto isakmp policy 10

hash md5

authentication pre-share

crypto isakmp key cisco123 address 10.1.4.1

!

!

crypto ipsec transform-set myset esp-des esp-md5-hmac

!

crypto map mymap 10 ipsec-isakmp

set peer 10.1.4.1

set transform-set myset

!

!

!

!

interface Ethernet1

ip address 10.1.2.1 255.255.255.0

no ip route-cache

no ip mroute-cache

crypto map mymap

Let say we have a static route as:

ip route 199.199.199.0 255.255.255.0 e1

Let say router receives a packet destined at 199.199.199.2

Router checks the routing table and finds it has to to use e1 to forward it.

When router check e1 for any further processing before the packet can be forwarded out; it finds ipsec configurations

R1 encapsulates the original packet using ipsec headers and new destination ip 10.1.4.1. My question is what address ipsec use for source address?

Is it ip address assigned to ethernet 1?

thanks and have a great day

1 ACCEPTED SOLUTION

Accepted Solutions

ipsec (tunnel mode) what would be source ip address?

HI sarah,

The source address would be the ip address of the interface where you apply the crypto-map.

in your case it will be 10.1.2.1

HTH

Kishore

2 REPLIES

ipsec (tunnel mode) what would be source ip address?

HI sarah,

The source address would be the ip address of the interface where you apply the crypto-map.

in your case it will be 10.1.2.1

HTH

Kishore

Bronze

ipsec (tunnel mode) what would be source ip address?

thanks Kishore

527
Views
0
Helpful
2
Replies
CreatePlease login to create content