I have a PIX 506 with a 3DES tunnel to a PIX 501. I would like VoIP traffic to tunnel without encryption or at least less encryption.
I was thinking about using tunnel interfaces(i've created 'int tunnel 0' on 2600/1700 routers in the past) because I thought I these could tunnel w/out encrypting data, but is this possible to create tunnel interfaces on PIX's? Also, which ACLs get processed first, IPSec tranform set ACL or tunnel interface ACL?
If the above is not possible can I create a second instance of my 3DES crypto map using a different transform set that has just DES or no encryption associated with them? For that second instance of the crypto map I would obvoiusly just be matching VoIP traffic on it's transform set's ACL.
Re: Elminate or reduce encryption for VoIP traffic
As you say GRE tunnels are not supported on the Pixes, and the problem with GRE tunnels is that anything you slam down the tunnel gets encrypted anyway.
I think you're on the right track about creating a crypto-map for your VOIP traffic and using an ESP-Null transform-set. Some smart Cisco folks should be able to give you some ideas on throughput using esp-null. The advantage is too, tha althous it isn'e encrypted, it is encapsulated so you still get VPN capability.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :