
tunnel interfaces global or private ip

pcfreak49
Level 1

I have a question about a tunnel interface is that the sources and destination IP address or the global private IP address?


Richard Burts
Hall of Fame

Perhaps you can clarify what you are trying to find out. The title of the question seems to imply that the question is about whether the tunnel addresses are global or private. But when I read the text of the question that does not seem to be what you are asking.

There is one thing to remember about tunnel addresses, and perhaps this will help to answer your question: there must be functioning IP connectivity between the source and destination addresses of the tunnel. When a router tries to bring up a tunnel interface the packets with its source address of the tunnel must be able to be delivered to the destination address of the other router. Sometimes that connectivity requires public addresses and sometimes it can be done with private addresses.

HTH

Rick

Okay I want site to site ipsec tunnels with multiple router as you can on the interfaces, but when a crypto map set so I used a tunnel interface is now my question about the sources and destination IP addresses are public or private IP addresses that for that purpose?

As I tried to explain in my previous post, sometimes it works ok to use private addresses as the source and destination address for the tunnel and sometimes it requires public addresses. You cannot say that it is always one or always the other. You must consider the particular situation to figure this out.

The basic principle is that there must be IP connectivity between the source and the destination addresses.

Perhaps some examples might help. I have a customer that has a requirement that certain sensitive information will be transmitted from one office to another office and must be encrypted by a site to site VPN with IPSec and GRE. Since the source and destination are both within their Enterprise network it works quite well to use private addressing for the source and destination addresses. I have another customer who uses site to site VPN with IPSec and GRE to go from one site to HQ over the Internet. For this it is a requirement that they use Public addresses for source and destination.

So the important thing is to consider whether the originating router can send a packet to the destination using private addressing and the other router can respond using private addressing and it gets to the originating router. In this case it is fine to use private addresses. Otherwise it is necessary to use Public addresses.

HTH

Rick
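
As an added illustration of the two cases described in the reply above (not part of the original thread and not the poster's configuration), this Cisco IOS fragment shows a GRE tunnel protected by IPsec for the site-to-HQ-over-Internet case, with the enterprise-internal alternative in comments. All addresses, names and the key placeholder are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for public addresses.

```cisco
! Constructed example: branch router, tunnel to HQ across the Internet.
! The tunnel SOURCE and DESTINATION (outer header) must be reachable
! end to end, so over the Internet they are public addresses.
! The address ON the tunnel interface (inner) can remain private.
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile PROTECT-GRE
 set transform-set TS-GRE
!
interface GigabitEthernet0/0
 description WAN link (public address, constructed)
 ip address 203.0.113.2 255.255.255.252
!
interface Tunnel0
 description GRE over IPsec to HQ
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile PROTECT-GRE
!
! Enterprise-internal case: both routers can reach each other's
! private addresses, so the outer addresses may be private, e.g.
!   interface Loopback0
!    ip address 10.1.1.1 255.255.255.255
!   interface Tunnel0
!    tunnel source Loopback0
!    tunnel destination 10.2.2.2
!
! Check the basic principle before bringing up the tunnel
! (exec mode, from the address used as tunnel source):
!   ping 198.51.100.2 source GigabitEthernet0/0
```

If that sourced ping fails in either direction, the tunnel cannot come up with those addresses, whichever kind they are.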

Okay I'm starting to understand as a public IP address that you may use themselves as the wan interface?
