Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using Crypto Maps and IPsec Static VTI's on the same router

Is it possible to configure both crypto maps and IPsec static VTI's on the same router? What platforms have this capability? What IOS version do I need?

2 REPLIES
New Member

Re: Using Crypto Maps and IPsec Static VTI's on the same router

Yes you can and as far as I know I dont think there is a hardware dependency.

VTI mode 'tunnel mode ipsec ipv4' was added in 12.3(14)T.

If you are mixing tunnel protection and crypto map ensure you use iskmp profiles to differentiate somehow that the tunnel IPSec connection is not prcessed on the crypto map!

Here is a rough example (fine tune it as needed):

crypto keyring key1

  pre-shared-key address 1.1.1.1 key test123

crypto keyring key2

  pre-shared-key address 7.7.7.7 key test777

crypto isakmp profile vpn1

   keyring key1

   match identity address 1.1.1.1 255.255.255.255

crypto isakmp profile vpn2

   keyring key2

   match identity address 7.7.7.7 255.255.255.255

crypto ipsec transform-set test esp-des esp-sha-hmac

crypto IPsec profile vpn-tunnel

set transform-set test

set isakmp-profile vpn1

crypto map mymap 1 ipsec-isakmp

set transform-set test

set peer 7.7.7.7

set isakmp-profile vpn2

match address 177

interface Tunnel0

ip address 10.0.51.217 255.255.255.0

tunnel source 2.2.2.2

tunnel destination 1.1.1.1

tunnel mode ipsec ipv4

tunnel protection ipsec profile vpn-tunnel

interface Ethernet4

ip add 2.2.2.2 255.255.255.0

crypto map mymap

Regards,
Uwe

Самое главное отличие будет в

Самое главное отличие будет в том, что на удаленных устройствах в этом случае б в самом crypto-acl будут лишь два адреса, зеркальные адресам, указанным как tunnel source и tunnel destination на 2921. По идее, больше никаких изменений.

4324
Views
0
Helpful
2
Replies
CreatePlease to create content