Cisco Support Community

New Member

about IKE configuration

I have a question: how do I configure the parameter so that the IPsec tunnel is terminated on an appointed interface? At IKE phase 1, can I configure it with a related command?

Also, if there is a condition stated as "you will not be able to initiate traffic to bring up the tunnel", must I use symmetric crypto access-lists to meet the requirement?

I am having a lot of trouble deciding how to define the appointed interface to provide IPsec service.



Cisco Employee

Re: about IKE configuration

You can define the interface that all IPSec packets will be sourced from with:

crypto map <map-name> local-address Loopback0

or whatever other interface you want to use. The crypto map still needs to be applied on the OUTGOING interface, don't change that, it just means the packets will be sourced from that specific interface address. Also, the other router then has to peer to this Loopback0 address.

For the tunnel to come up the router has to see traffic that matches the access-list. Additionally, the access-list MUST be the exact opposite of the one defined on the peer router.
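
The two points in the reply above (sourcing from Loopback0 and matching access-lists on both peers), shown as a two-router configuration. This is an added example, not part of the original post: all addresses, interface names, the names VPN, TS and VPN-TRAFFIC, the IKE/IPsec algorithm choices and the `<pre-shared-key>` placeholder are constructed, and it assumes each router can route to the other's Loopback0 address.

```cisco
! ---- Router A (constructed example) ----
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! The peer address is Router B's Loopback0, not its physical interface
crypto isakmp key <pre-shared-key> address 192.0.2.2
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
! Source IKE and IPsec packets from the Loopback0 address
crypto map VPN local-address Loopback0
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS
 match address VPN-TRAFFIC
! The crypto map is still applied on the outgoing interface
interface GigabitEthernet0/0
 crypto map VPN
!
! ---- Router B (constructed example) ----
interface Loopback0
 ip address 192.0.2.2 255.255.255.255
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <pre-shared-key> address 192.0.2.1
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
! Mirror of Router A's entry: source and destination swapped
ip access-list extended VPN-TRAFFIC
 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
crypto map VPN local-address Loopback0
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS
 match address VPN-TRAFFIC
interface GigabitEthernet0/0
 crypto map VPN
```

Once traffic matching VPN-TRAFFIC has been sent, `show crypto isakmp sa` and `show crypto ipsec sa` on either router should list the loopback addresses as the local and remote endpoints.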