IPSec Tunnel Router Loopback to Pix outside int

dswia555
Level 1

In the process of setting up IPsec tunnels between a 7206 (IOS 12.3.x) and a remote PIX (6.3.3). I have been told conflicting things about the ability to terminate tunnels to a loopback. Ideally, we would terminate to a public IP on the remote PIX's physical interface and to a loopback, with a public IP, on the 7206. Can anyone point me in the direction of good documentation on this subject? Does anyone know if it will work correctly?

Thanks in advance for any info you can provide.

d

1 Reply

gfullage
Cisco Employee

It works, no problem. The PIX crypto config should point to the loopback address on the router.

The router crypto config will look like this:

crypto map mymap local-address loopback0
crypto map mymap 10 ipsec-isakmp
   set peer
   set transform-set ....
   match address ....

The rest of the crypto config is standard.

The "local-address" command makes the router source all crypto packets from the loopback address, which is necessary because that's what the PIX is pointing to.

Put the crypto map on the OUTGOING router interface, NOT the loopback interface, and everything should be fine.
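A complete pair of configurations built around the snippet above, as an added example rather than gfullage's or Cisco's own config: the 7206 sources IKE and IPsec from Loopback0 and carries the crypto map on its physical outgoing interface, while the PIX 6.3 side points its peer and ISAKMP key at the router's loopback address. All addresses are RFC 5737 documentation placeholders, the interface name FastEthernet0/0, the names MYMAP/TS/VPN, the access-list numbers and PLACEHOLDER_KEY are assumptions for illustration only.

```text
! ---- 7206 (IOS 12.3) side: added example, not the reply author's config ----
! Assumed placeholder addresses (RFC 5737 documentation ranges):
!   router loopback (public)   198.51.100.1
!   PIX outside interface      203.0.113.2
!   LAN behind router 10.1.1.0/24, LAN behind PIX 10.2.2.0/24
!   PLACEHOLDER_KEY stands in for the real pre-shared key
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER_KEY address 203.0.113.2
!
crypto ipsec transform-set TS esp-3des esp-sha-hmac
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Source all IKE/IPsec packets from Loopback0, as the reply describes
crypto map MYMAP local-address Loopback0
crypto map MYMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address 101
!
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
! The map goes on the physical outgoing interface, not on Loopback0
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map MYMAP

: ---- PIX 6.3 side: peer is the router LOOPBACK address, not its outside interface ----
access-list VPN permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set TS esp-3des esp-sha-hmac
crypto map MYMAP 10 ipsec-isakmp
crypto map MYMAP 10 match address VPN
crypto map MYMAP 10 set peer 198.51.100.1
crypto map MYMAP 10 set transform-set TS
crypto map MYMAP interface outside
isakmp enable outside
isakmp key PLACEHOLDER_KEY address 198.51.100.1 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
```

Two things to check when bringing this up: the loopback's /32 must actually be reachable from the PIX (advertised or statically routed by the upstream), otherwise IKE never completes; and the crypto ACLs on the two sides must be mirror images of each other. On either box, show crypto isakmp sa and show crypto ipsec sa confirm that phase 1 and phase 2 came up against the loopback address rather than the router's physical interface address.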