Solved: ipsec (tunnel mode) what would be source ip address?

sarahr202 · ‎12-21-2011

HI everybody.

Please consider the following ipsec config:

crypto isakmp policy 10

hash md5

authentication pre-share

crypto isakmp key cisco123 address 10.1.4.1

!

crypto ipsec transform-set myset esp-des esp-md5-hmac

!

crypto map mymap 10 ipsec-isakmp

set peer 10.1.4.1

set transform-set myset

!

interface Ethernet1

ip address 10.1.2.1 255.255.255.0

no ip route-cache

no ip mroute-cache

crypto map mymap

Let say we have a static route as:

ip route 199.199.199.0 255.255.255.0 e1

Let say router receives a packet destined at 199.199.199.2

Router checks the routing table and finds it has to to use e1 to forward it.

When router check e1 for any further processing before the packet can be forwarded out; it finds ipsec configurations

R1 encapsulates the original packet using ipsec headers and new destination ip 10.1.4.1. My question is what address ipsec use for source address?

Is it ip address assigned to ethernet 1?

thanks and have a great day

Kishore Chennupati · ‎12-21-2011

HI sarah,

The source address would be the ip address of the interface where you apply the crypto-map.

in your case it will be 10.1.2.1

HTH

Kishore

Kishore Chennupati · ‎12-21-2011

HI sarah,

The source address would be the ip address of the interface where you apply the crypto-map.

in your case it will be 10.1.2.1

HTH

Kishore

sarahr202 · ‎12-21-2011

thanks Kishore