Cat 6500 IPsec support in software

pdesch
Level 1

My question is: Are there limitations/nuances for configuring IPSec tunnels on Catalyst 6500s in software (without the VPN module)?

I recently took over management of a Catalyst 6500 and have run into a roadblock while trying to configure an IPSec tunnel. The tunnel comes up fine, I don't see any errors on either end, the SAs/IPs match, and the "interesting traffic ACLs" are incrementing as expected on both ends.

The problem is I can't ping across the tunnel. I thought this was a routing problem but the static route from the 6500 to the remote private server is in the routing table correctly.

All the configurations I've seen online are using the 6500 VPN Module. I can't believe that we would have to pay for a whole new card to set up 1 IPSec Tunnel. I think there has to be some nuance with the 6500 that I'm not aware of.

Thanks ahead of time.

3 Replies

jbayuka
Level 5

When you configure the IPSec VPN SPA on the Catalyst 6500 series switch, you ensure that all packets coming from or going to the Internet pass through the IPSec VPN SPA. Refer to the URL:

http://www.cisco.com/en/US/products/hw/switches/ps708/module_installation_and_configuration_guides_chapter09186a00805f37bf.html

Jon Marshall
Hall of Fame

Hi

Please don't shoot the messenger :-) but I believe that you can only use a VPN tunnel in software to manage the switch.

If you want to create VPN tunnels for any other purpose you need an IPSEC VPN Module or an IPSEC VPN SPA.

I know, it's a pain. The FWSM has the same limitation. A standalone PIX supports multiple VPN tunnels but the FWSM only supports VPN tunnels for management.

Jon

Jon,

Thanks for the reply, that's what I figured. But just to clarify, you are saying that you can use a VPN tunnel to manage the switch...which is all we want to do anyway.

But what exactly does that mean? I figured it would support ICMP and SNMP across the tunnel which is all we want...but ICMP doesn't seem to be working.

Thanks ahead of time
