Can an ipsec tunnel be terminated on the inside interface of a router?
I have a situation in which I will be setting up a VPN tunnel between two routers, each has one inside interface and one outside interface. The problem is that one router is on the edge of the ISP and has private 10.x.x.x address assigned from the ISP, and the other router is not directly connected to the ISP. Instead, it is one hop away, and has public addressing on both sides. The inside networks for both sides are advertised to each other, but the ISP private addresses are not advertised.
Re: Can an ipsec tunnel be terminated on the inside interface of
The crypto map HAS to be applied to the outgoing interface, or at least the interface that faces the peer router. You can however, make the router use a different interface address as the source for the IPSec packets by doing the following:
crypto map mymap local-interface fastethernet0/0
Then, even if the crypto mapis applied to the outside fa0/1 interface, all packets will be sourced from the fa0/0 interface. The other router then has to point to the fa0/0 interface IP address as its peer.
I'm not 100% sure if this is what you want though, going by your description the 10.0.5.1 interface is NOT routable/advertised to the other router, so if RouterA can't actually get to 220.127.116.11 via 10.0.5.1 then this won't help. I may have read your description wrong though so hopefully this'll give you somewhere to go.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...