New Member

Need help on crypto access lists

Hi,

I have a setup like this. Locations A and B are on one side of an MPLS cloud and locations C and D on the other side. The intention is to create an IPSec tunnel from A to C and D and also from B to C and D. In case of local loop failure to the cloud, location B traffic will come to location A and pass through the tunnel, and vice versa. Similarly, location C traffic will come to location D and pass through the tunnel, and vice versa.

I would need help in configuring the crypto access lists. Should I create a separate access list for each source-destination pair in all the routers to comply with the mirror rule?

Please give me your inputs.

Regards

ED.

2 REPLIES
Hall of Fame Super Blue

Re: Need help on crypto access lists

Hi Ed

Best way to do this would be

Site A will have source subnets of A & B and destination subnets of C & D.

Site B will be the same as A.

Site C will have source subnets of C & D and destination subnets of A & B.

etc.

HTH

New Member

Re: Need help on crypto access lists

Hi,

Thanks for your response. I have attached a diagram depicting the setup. The tunnel end point is unique for each location. The identifying address for the tunnel for each location will be a loopback address. So, as per the diagram, the LOC A-LOC tunnel and the LOC B-LOC C tunnel will terminate with the loopback address 10.100.30.1. Similarly, tunnels to LOC D will terminate with the loopback address 10.100.40.1. This is to ensure that the traffic takes the optimum route.

The configuration that I envisage is using unique access lists for each pair of locations and using all the access lists in all locations. But depending on the destination, the 'set peer' command will specify different loopback addresses.

Your inputs are welcome.

Regards

ED.
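A way to check the mirror rule the thread is concerned with, as an added example that is not part of the original thread or any Cisco tool: it parses simple IOS extended ACEs, reports which entries lack a source/destination-swapped twin on the peer, and can generate the peer side's ACL from the local one. The subnet values for sites A, B, C and D are constructed placeholders; the thread gives only the loopback peer addresses.

```python
import ipaddress

# Constructed sample crypto ACLs following the first reply: site A permits
# (A, B) subnets -> (C, D) subnets, site C the reverse. Subnets are placeholders.
SITE_A_ACL = """
permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.40.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
"""
SITE_C_ACL = """
permit ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.255 192.168.20.0 0.0.0.255
"""

def _addr_spec(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    # IOS wildcard mask is the inverse of the subnet mask.
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(tokens[1])))
    return ipaddress.IPv4Network((tokens[0], str(mask)), strict=False), tokens[2:]

def parse_acl(text):
    """Return the set of (src, dst) network pairs permitted by an extended ACL."""
    pairs = set()
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:2] != ["permit", "ip"]:
            raise ValueError(f"unsupported ACE (only 'permit ip' handled): {line!r}")
        src, rest = _addr_spec(tokens[2:])
        dst, _ = _addr_spec(rest)
        pairs.add((src, dst))
    return pairs

def mirror_violations(local_acl, remote_acl):
    """ACEs on each side that lack an exact src/dst-swapped twin on the other side."""
    local, remote = parse_acl(local_acl), parse_acl(remote_acl)
    missing_on_remote = {p for p in local if (p[1], p[0]) not in remote}
    missing_on_local = {p for p in remote if (p[1], p[0]) not in local}
    return missing_on_remote, missing_on_local

def mirror_acl(text):
    """Generate the peer side's ACEs (src/dst swapped) in IOS address/wildcard form."""
    return sorted(f"permit ip {d.network_address} {d.hostmask} {s.network_address} {s.hostmask}"
                  for s, d in parse_acl(text))
```

Both returned sets from mirror_violations must be empty for a matching pair of crypto ACLs; a non-empty set points at the ACE whose twin is missing, which is the usual cause of one direction of traffic failing to match the SA.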
