Cisco Support Community
New Member

VPN terminated on Loopback IP

Hi all,

I'm willing to configure a VPN client on my 2691 router [running IOS ver. 12.4(15)T7]. The network setup is quite simple, as follows:

ADSL router --> VPN router

I've configured a loopback 0 to terminate the VPN sessions, but to no avail. Out of curiosity, I tried terminating the VPN on Fa0/0 and, amazingly, it works fine.

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local dynpool
!
crypto isakmp client configuration group hasan-gr
 key hasan-key
 dns 10.0.0.2
 wins 10.0.0.2
 pool dynpool
!
!
crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
 set transform-set transform-1
 reverse-route
!
!
crypto map dynmap isakmp authorization list hasan-gr
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 crypto map dynmap
!
interface FastEthernet0/0
 ip address 10.0.0.60 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
ip nat source static 192.168.1.1 10.0.0.131
ip local pool dynpool 192.168.74.200 192.168.74.220
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.0.0.2

Any helpful comments will be highly appreciated.

Regards,

2 REPLIES
Silver

Re: VPN terminated on Loopback IP

Your loopback 0 needs to be visible for this to work.

Hall of Fame Super Silver

Re: VPN terminated on Loopback IP

For the VPN tunnel to work when terminated on the loopback it would also be necessary to configure the crypto map local-address command. By default the crypto will use the address of the outbound interface. So when terminating the VPN on the physical interface local-address is not needed. To use the loopback you need the configuration command to change the address used from the physical outbound interface to the loopback.

HTH

Rick
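
Added example, not part of the original thread or of either reply: the change described in the answer above, written against the names in the posted configuration (dynmap, Loopback0, FastEthernet0/0). It assumes the crypto map is applied on FastEthernet0/0, the interface the encrypted packets actually cross, and that clients can reach the loopback address, as the first reply requires.

```cisco
! Before (as posted): crypto map attached to the loopback only, no local-address.
!   interface Loopback0
!    crypto map dynmap
!
! After: the loopback supplies the tunnel endpoint address,
! the physical interface carries the crypto map.
!
! Use Loopback0's address as the local IKE/IPsec endpoint instead of
! the address of the outbound interface (the default behaviour).
crypto map dynmap local-address Loopback0
!
! The loopback no longer needs the crypto map itself.
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
 no crypto map dynmap
!
! Apply the crypto map where the ESP/IKE packets enter and leave the router.
interface FastEthernet0/0
 ip address 10.0.0.60 255.255.255.0
 crypto map dynmap
!
! Checks after a client connects:
!   show crypto isakmp sa   (router-side address should be 192.168.1.1)
!   show crypto map         (lists the interfaces using crypto map dynmap)
```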
