Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

site to site IPSEC VPN

Dear All,

Can I use Cisco router LAN interface IP address as a site-to-site IPSEC tunnel peer address? beacuse my ISP can not route WAN interface IP address between two peers, only the LAN interface IP address can communiate between two peers. How to configure it and anything I must to care?

Best Regards,

Jackson Ku

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: site to site IPSEC VPN

you can use the 'crypto map NAME local-address' command. As long as the tunnel terminates on the outside interface you should be OK. I would also look into IPSec over GRE for that setup. You can configure static routes on each local peer to get to the remote peer.

Enter configuration commands, one per line. End with CNTL/Z.

XXXXX-rtr(config)#crypto map mymap ?

<1-65535> Sequence to insert into crypto map entry

client Specify client configuration settings

isakmp Specify isakmp configuration settings

local-address Interface to use for local address for this crypto map

XXXXX-rtr(config)#crypto map mymap local-address ?

Async Async interface

BVI Bridge-Group Virtual Interface

CTunnel CTunnel interface

Dialer Dialer interface

FastEthernet FastEthernet IEEE 802.3

Lex Lex interface

Loopback Loopback interface

Multilink Multilink-group interface

Null Null interface

Tunnel Tunnel interface

Vif PGM Multicast Host interface

Virtual-Template Virtual Template interface

Virtual-TokenRing Virtual TokenRing

XXXXX-rtr(config)#crypto map mymap local-address

1 REPLY
New Member

Re: site to site IPSEC VPN

you can use the 'crypto map NAME local-address' command. As long as the tunnel terminates on the outside interface you should be OK. I would also look into IPSec over GRE for that setup. You can configure static routes on each local peer to get to the remote peer.

Enter configuration commands, one per line. End with CNTL/Z.

XXXXX-rtr(config)#crypto map mymap ?

<1-65535> Sequence to insert into crypto map entry

client Specify client configuration settings

isakmp Specify isakmp configuration settings

local-address Interface to use for local address for this crypto map

XXXXX-rtr(config)#crypto map mymap local-address ?

Async Async interface

BVI Bridge-Group Virtual Interface

CTunnel CTunnel interface

Dialer Dialer interface

FastEthernet FastEthernet IEEE 802.3

Lex Lex interface

Loopback Loopback interface

Multilink Multilink-group interface

Null Null interface

Tunnel Tunnel interface

Vif PGM Multicast Host interface

Virtual-Template Virtual Template interface

Virtual-TokenRing Virtual TokenRing

XXXXX-rtr(config)#crypto map mymap local-address

173
Views
0
Helpful
1
Replies
CreatePlease login to create content