Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
356
Views
0
Helpful
5
Replies

Dynamic VPN on Loopback

farkascsgy
Level 4
Level 4

‎09-12-2006 10:12 AM - edited ‎02-21-2020 02:37 PM

Hi,

I have a dynamic crypto map, which is applied to a Fastethernet interface - in this case everything is OK: I can connect and reach the cororate LAN. But when I apply this dynamic crypto map to a loopback interface using /32 IP vpn client connects and I got IP address, but I can't access any resources. Is there any limitation of Loopback interface? What can be the reason? Cisco 2811 is the vpn router....

Thanks in advance,

Bye

FCS

Labels:
0 Helpful
5 Replies 5

attrgautam
Level 5
Level 5

‎09-13-2006 01:41 AM

AFAIK crypto maps are applied on physical/logical interfaces through which the traffic flows. Forcing the crypto source only changes the source IP with which the negotiation still happens. Hence what you see is normal behaviour. Apply crypto maps on outgoing interfaces is the right way.

0 Helpful

farkascsgy
Level 4
Level 4
In response to attrgautam

‎09-13-2006 01:52 AM

And is there any solution for use Loopback interface for this purpose instead of physical?

Thanks in advance,

FCS

0 Helpful

attrgautam
Level 5
Level 5
In response to farkascsgy

‎09-13-2006 02:42 AM

I dont think so.... but why exactly you need the crypto map on the Loopback. You can apply it on the outgoing interfaces.

0 Helpful

farkascsgy
Level 4
Level 4
In response to attrgautam

‎09-13-2006 03:53 AM

So on this router two P-P VPN are terminated and also dynamic VPNs (users from home). Two crypto maps are used on this and I don't want waste IP addresses for dynamic VPN termination, I plan to use /32 IP on Loopback and this would be the connection point for home users..

Can you explain your suggestion with config lines?

Thanks in advance.

bye

FCS

0 Helpful

attrgautam
Level 5
Level 5
In response to farkascsgy

‎09-13-2006 08:26 PM

Well both P-P and dynamic users can use the same loopback as the peer for the crypto termination. It isnt necessary that they use a different source.

Iam sorry but iam confused wrt what u trying to acheive.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents