04-05-2006 12:45 AM - edited 02-21-2020 02:21 PM
Can we create an IPSec tunnel over a dot1q logical interface?
I have managed to create IPSec tunnel on a FastEthernet interface, but when I moved it to a logical dot1q interface, the IPSec tunnel breaks.
04-06-2006 03:47 AM
When using crypto maps on logical interfaces, the map must be applied to both the physical and logical interfaces.
M.
Hope that helps, rate if it does
04-07-2006 01:34 AM
Thanks for the tip. I missed out applying the crypto map on the physical interface.
One more question:
The initial objective of trunking the FE interface was to create a different crypto map for each logical interface.
If we need to apply the crypto map to both logical & physical for IPSec to work, this will limit us to using only one crypto map, since IOS cannot support more than one crypto map per interface.
Any workaround for this to achieve the objective? Thanks.
--
siong
04-07-2006 01:48 AM
I wonder if it is an IOS image. I have implemented crypto maps over logical subinterfaces without configuring crypto maps over the main interfaces. It works fine and there have been no issues. What code are you running on your boxes?
04-09-2006 02:39 PM
Hi Siong,
When using crymap on dot1q subintf, there is no need to apply crymap on the physical intf.
You can apply different crymaps on different subintf's.
int g0/1
 no ip addr
int g0/1.100
 encap dot1q 100
 ip addr 100.1.1.1
 cry map cmap1
int g0/1.200
 encap dot1q 200
 ip addr 200.1.1.1
 cry map cmap2
-Sunil.
04-09-2006 10:18 PM
Hi attrgautam & sunilc,
You guys are right.
I went back, cleared all configuration, and started everything from scratch.
The IPSec works on a logical dot1q interface without the need to apply the crypto map on the related physical interface. I tried them out on 12.2.19 and 12.2.39 codes.
I must have done something wrong earlier on the crypto map. Thanks guys for pointing it out.
--
siong