07-11-2018 12:53 AM - edited 03-12-2019 05:27 AM
Good day all,
I am trying to set up an IPsec VPN on my Cisco ASR920. I found a sample config on the Cisco site, but one thing I note is that there is no ACL to identify interesting traffic in the configuration. How do I capture interesting traffic and send it via the IPsec tunnel with this sample config provided by Cisco?
07-11-2018 01:35 AM
Hi,
In the example you provided it uses a VTI (virtual tunnel interface) and does not require an ACL to define interesting traffic. To send encrypted traffic across the VPN tunnel you just need to route the traffic, either with a static route or using a routing protocol.
From the example in the link you provided:
ip route 192.168.20.0 255.255.255.0 tunnel504
Therefore 192.168.20.0/24 is the remote subnet which would be encrypted and routed over the VTI; obviously a return route needs to be applied on the other device.
HTH
07-11-2018 05:49 AM
Hi RJI,
Is this secure? Also, do you have any sample config on achieving this without tunnel mode?
07-11-2018 06:10 AM - edited 07-11-2018 06:13 AM
Hi,
Yes, it is secure; it's still an IPsec VPN, it just uses a VTI rather than a crypto map. I personally prefer using a VTI over a crypto map.
Example of Crypto Map on Cisco router
HTH