I recently set up an IPSEC VPN between two routers, I used loopback interfaces as the two peers, but I had to configure PBR in order for the the tunnel to work. Do I have to always configure PBR when using loopbacks in IPSEC? if so then why won't it work with normal routing to the loopback interface?
I can't think of anything preventing you from using regular routing. Just make the subnet on the remote site reachable through the loopback interface and vice-versa.
I'll make sure to try again, because I read on several places online that if you route traffic into the loopback (in order for it to hit the crypto-map) with a regular static route, the traffic fails and so it did. but when i did it with PBR and "set interface loopback0" it worked.
When I read your original post I understood that you were using the loopback interface address as the peer address. That is a fairly common practice. When I read your follow up post it sounds like you have configured the crypto map on the loopback interface. That is not a common practice and I can understand that if you just routed traffic with the loopback as the next hop why the UPSec did not work. The usual practice is to configure the crypto map on the physical interface through which the traffic will go.
crypto maps are not supported on loopback interfaces.
You can think of it like this "Crypto map desginates an interface on which encrypted traffic will be received on this device".
What you're most likely is to set the local-address on crypto map.
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
