IPSEC between devices with a single interface
07-04-2017 11:08 AM - last edited on 02-21-2020 09:21 PM by cc_security_adm
Hello,
This is a generic question about an IPSEC tunnel which is to run between 2 devices which have a single physical interface on each side of the tunnel...
My concern is how the crypto ACLs will behave when traffic hits the interface inbound and needs to be sent across the tunnel, and how the crypto ACLs should be applied on the opposing side to ensure there is no duplicated encryption...
Also, does a routing decision get made after the crypto ACL decides whether or not to send traffic across the tunnel? i.e., will a permit ACL send across to the other side of the tunnel, ignoring the local routing table for a potentially routable destination?
Has anyone had a similar issue? Is the solution possible?
Any help would be greatly appreciated.
Thanks
Labels: IPSEC
07-04-2017 12:55 PM
If these are routers, use VTI tunnels.
