Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
0
Helpful
3
Replies

Crypto Map configuration is not supported on the given interface

Brad303
Level 1
Level 1

‎03-22-2024 03:35 PM

I'm trying to set up a VPN on a 6506-E running 12.2(33)SXJ10, but I'm getting this error:

 

6506(config)#int gi5/1
6506(config-if)#crypto map REMOTE_VPN
ERROR: Crypto Map configuration is not supported on the given interface
6506(config-if)#

 

Is this a configuration issue, or hardware limitation?

Labels:
0 Helpful
3 Replies 3

Torbjørn
Spotlight
Spotlight

‎03-22-2024 04:16 PM

I believe that is caused by a hardware limitation for the Gi5 line card. Which line card is it?

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
0 Helpful

MHM Cisco World
VIP
VIP

‎03-22-2024 05:39 PM

This interface is L3 ?

The crypto only run under l3 interface not l2.

MHM

0 Helpful

Brad303
Level 1
Level 1

‎03-25-2024 11:33 AM

Thanks for the suggestions.

This unit has two WS-X6748-GE-TX cards.

The Gi5/1 interface has an IP assigned (plus a secondary, actually), so it's L3.

I was able to add the crypto map to a VLAN, but I don't know if that tells us anything.

I did find this:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/release/notes/ol_14271/features.html

IPsec Network Security

Note

  • The SPA-IPSEC-2G supports IPsec Network Security in hardware
  • Without a SPA-IPSEC-2G, the IPsec Network Security feature (configured with the crypto ipsec command) is supported in software only for administrative connections to Catalyst 6500 series switches.

I don't see a SPA-IPSEC-2G in my modules. Is that my issue?

0 Helpful
Customers Also Viewed These Support Documents