11-08-2006 03:20 AM - edited 03-03-2019 02:37 PM
Hello there,
i have a doubt.
actually we make in my enterprise changes of
type of security strategy and change ipsec tunnel for the rsa pub-key.
Ok..
But, when we put the tunnel in shutdown, in order eliminate, i can?t put the wan interface in OSPF.
=before=
interface tunnel99
shutdown
no bandwidth 256
no ip address x.y.z.k 255.255.255.252
no ip ospf cost 360
no tunnel source x.y.z.k
no tunnel destination x.y.z.(k+1)
no interface tunnel99
by the way:
1) the crypto map is ok and works good.
in the interface serial
interface Serial0/0.99
ip ospf cost 360 (the same the ancient tunnel)
crypto map x.y.z.k
in the process ospf
router ospf 4499
no passive-interface Serial0/0.99
Somebody knows whats wrong???
in one case a put the tunnel in passive-interface after exclude, the router accept this command, and they works good. But i?m not really sure about this solution.
Thanks a lot...
Anderson (Brazil)
11-08-2006 02:20 PM
what is the condition you are trying to fix? This is confusing. You had a tunnel, you are moving the tunnel to a new interface?
11-13-2006 01:44 AM
The cryptography is ok, but, the OSPF do not redistribute the internal routes.
No, in this case i disable the tunnel, and use de IP address for a new conection in other sub-interface. I the new conection i use rsa cryptography.
11-08-2006 05:01 PM
Please provide more detail config. of the routing protocol and the ip address in interface. Your example of the tunnel ip is the same as the tunnel source that confused the case.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide