Re: binding crypto map ???

iqbalkhan · ‎06-28-2006

Hi

when i create point to multipoint vpn tunnel we create crypto map and tunnel interface. now my question is where i bind crypto map ?. only in tunnel interface or only ethernet interface ?.

if you see the example i mention tunnel source ethernet0 if i mention tunnel source tunnel101 then it is right ?

where is right choice for crypto binding ????

=============

1. crypto map dc-br 101 ipsec-isakmp

2. match address 101

3. set transform-set dcall

4. set peer 10.10.10.2

5. description *** connect to branch1 ***

1. crypto map dc-br 102 ipsec-isakmp

2. match address 102

3. set transform-set dcall

4. set peer 10.10.10.3

5. description **connect to branch*****

===

interface Tunnel101

des****to branch 1

ip address 192.168.20.5 255.255.255.252

load-interval 30

keepalive 5 4

tunnel source E0

tunnel destination 192.168.10.5

Crypto map dc-br

Interface Eo

ip address 192.168.10.4

crypto map dc-br

==================

thanks

biplob

sachinraja · ‎06-29-2006

you should always bind the crypto map to the outbound interface. here, u can bind it to the tunnel interface, if all the packets are routed via the tunnel interface.

Hope this helps.. all the best...

Raj

iqbalkhan · ‎07-02-2006

Hi

Thanks . If use loopback interface and bind only crypto map in loopback interface then it working if I am not bind outbound interface then it is ok or not.

Thanks

Biplob