I recently set up an IPsec VPN between two routers. I used loopback interfaces as the two peers, but I had to configure PBR in order for the tunnel to work. Do I always have to configure PBR when using loopbacks in IPsec? If so, then why won't it work with normal routing to the loopback interface?
I'll make sure to try again, because I read in several places online that if you route traffic into the loopback (in order for it to hit the crypto map) with a regular static route, the traffic fails, and so it did. But when I did it with PBR and "set interface loopback0" it worked.
When I read your original post I understood that you were using the loopback interface address as the peer address. That is a fairly common practice. When I read your follow-up post it sounds like you have configured the crypto map on the loopback interface. That is not a common practice, and I can understand why, if you just routed traffic with the loopback as the next hop, the IPsec did not work. The usual practice is to configure the crypto map on the physical interface through which the traffic will go.
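The arrangement described in the answer above, as an added illustration that is not part of the original thread: the loopback supplies the IKE/IPsec peer address via `local-address`, while the crypto map itself is applied to the physical egress interface, so no PBR is needed. All addresses, names and the pre-shared key are constructed placeholders.

```text
! --- Router A (constructed example, not from the thread) ---
! Loopback used only as the IPsec/IKE peer address
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
! IKE policy and pre-shared key, keyed to the REMOTE loopback address
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key PLACEHOLDER-PSK address 10.0.0.2
!
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Interesting traffic: LAN-A to LAN-B
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 10.0.0.2
 set transform-set TS
 match address VPN-TRAFFIC
!
! Source IKE/ESP from the loopback rather than the physical address
crypto map VPN-MAP local-address Loopback0
!
! The crypto map goes on the PHYSICAL interface the traffic exits through.
! Traffic is matched by the ACL as it leaves this interface, so a static
! route pointing at Loopback0 (or PBR) is not required.
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map VPN-MAP
!
! Routing: the remote loopback must be reachable via the physical path,
! and the remote LAN must route out the same interface so the map sees it.
ip route 10.0.0.2 255.255.255.255 203.0.113.2
ip route 192.168.2.0 255.255.255.0 203.0.113.2
```

Router B mirrors this with the addresses swapped; `show crypto isakmp sa` and `show crypto ipsec sa` should then show the SA formed between 10.0.0.1 and 10.0.0.2 without any route-map in the path.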