03-29-2012 10:49 AM - edited 03-04-2019 03:51 PM
Hello everyone,
I want to terminate the IPsec VPN tunnel on the Cisco ASR 1002 router, but it shouldn't have bidirectional traffic to the other end, and it should be answer-only. We don't run the tunnel over GRE (no IPsec profile), just IPsec only. I found there is a command "crypto map *** client configuration address respond", but it looks like it is a global command, and we have lots of VPNs terminated on the Cisco ASR 1002 router. How can we configure "Answer Only" for only one specific VPN tunnel so that it won't impact the others? Please advise.
Regards,
Joe
03-29-2012 01:09 PM
Cisco IOS Software Release 12.4(24)T introduces the functionality of the router to always respond to the IKE negotiations initiated by its peers. The main limitation is that this feature is configurable only under an IPSec profile and is relevant only to a virtual interface scenario. No support for static or dynamic crypto map scenarios.
In order to configure your router as responder-only, perform these steps:
enable
configure terminal
crypto ipsec profile <profile-name>
responder-only
thanks
Rizwan Rafeek
03-29-2012 02:37 PM
Thank you, Rizwan. Please correct me if I am wrong: the IPsec profile is for the VTI, and we only run static crypto maps. So in our scenario it won't work.