Cisco Support Community
New Member

dynamic IPSec with router IOS

The PIX has the ability to create dynamic IPSec crypto maps, which I find REALLY handy. Can a router with the encryption-capable IOS image do the same?

Thanks,

Diego

3 REPLIES
Cisco Employee

Re: dynamic IPSec with router IOS

Diego,

Yes, it is possible.

Please refer to the URL below for details:

Configuring Router-to-Router Dynamic-to-Static IPSec with NAT

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

Let me know if it helps.

Regards,

Arul

** Please rate all helpful posts **

New Member

Re: dynamic IPSec with router IOS

This looks like exactly what I need except for one thing. Since sam-i-am is accepting dynamic connections, why does it need an ACL to define IPSec traffic? The PIX that I have set up to accept dynamic, incoming IPSec connections does not have an ACL configured since, by definition, you don't know which subnet/router will be connecting. It seems to me that sam-i-am should "figure out" what to encrypt based on the incoming ACL/connection from whoovie like the PIX does. I guess some experimenting/testing is in order. Thank you very much for that link.

Gold

Re: dynamic IPSec with router IOS

In the example, DYNAMIC means that the outside public IP address is negotiated - so it helps you establish IPsec no matter what IP address the peer gets... but with ACLs you are saying what traffic you need to encrypt between the private LANs - those addresses are always the same (10.2.2.x and 10.1.1.1 in this example)...

So I think you always need an ACL to specify what traffic is encrypted.

You also need to remove this destination network from the NAT process (route map nonat is used in this example).

M.

Hope that helps. Rate if it does.
