12-21-2011 06:44 PM - edited 03-07-2019 04:00 AM
HI everybody.
Please consider the following ipsec config:
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 10.1.4.1
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 10.1.4.1
set transform-set myset
!
!
!
!
interface Ethernet1
ip address 10.1.2.1 255.255.255.0
no ip route-cache
no ip mroute-cache
crypto map mymap
Let say we have a static route as:
ip route 199.199.199.0 255.255.255.0 e1
Let say router receives a packet destined at 199.199.199.2
Router checks the routing table and finds it has to to use e1 to forward it.
When router check e1 for any further processing before the packet can be forwarded out; it finds ipsec configurations
R1 encapsulates the original packet using ipsec headers and new destination ip 10.1.4.1. My question is what address ipsec use for source address?
Is it ip address assigned to ethernet 1?
thanks and have a great day
Solved! Go to Solution.
12-21-2011 06:50 PM
HI sarah,
The source address would be the ip address of the interface where you apply the crypto-map.
in your case it will be 10.1.2.1
HTH
Kishore
12-21-2011 06:50 PM
HI sarah,
The source address would be the ip address of the interface where you apply the crypto-map.
in your case it will be 10.1.2.1
HTH
Kishore
12-21-2011 07:32 PM
thanks Kishore
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: