Question to IPSec tunnel endpoints

jjjwinkler
Level 1

We want to establish IPsec tunnels between VPN clients and a central internet router (7xxx). Is it possible to use a loopback interface with a private IP address as the tunnel endpoint (where we set the 'crypto map' reference)?

Happy to hear from you.

jo

3 Replies

ROBERT WATSON
Level 1

Why not use a normal interface?

Remember the 1720 is going to encrypt interesting traffic that matches your access list; if the traffic doesn't attempt to move through Loopback 0 then your traffic won't be encrypted. Think of the 1720 as a PIX: you have an untrusted interface, and the traffic leaving that interface must be encrypted from prying eyes to your peer.

rchester
Level 1

I think this would lead you into a restriction on the choice of transform set (because of NAT) to ESP only, and you cannot overload the NAT.

http://www.cisco.com/warp/public/759/ipj_3-4/ipj_3-4_nat.html

explains the problems of using IPsec and NAT concurrently.

I think also that the interface logic for IPsec on IOS is a bit confusing.

reload in 25 years

huang_ht
Level 1

I think this could not be done. How do your clients find the tunnel endpoint (loopback with private IP address) from the internet? If you have a public IP address assigned to the loopback interface, it should be OK.
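The following IOS configuration is an added example, not posted by anyone in this thread, showing the arrangement the replies converge on: the crypto map is applied to the Internet-facing interface the encrypted traffic actually crosses, while the loopback supplies the tunnel endpoint address via `crypto map ... local-address`. The interface names, the map and transform-set names, the pre-shared key and the addresses (RFC 5737 documentation ranges) are all assumptions for illustration.

```cisco
! Added example (not from the thread). Assumed names and addresses:
! Loopback0 203.0.113.1/32, FastEthernet0/0 facing the Internet,
! crypto map VPN, dynamic map CLIENTS, transform set TS.
! The loopback address must be publicly routable (or statically mapped
! 1:1 without port overloading); a private address here would not be
! reachable from the Internet, as the last reply points out.

crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Assumed wildcard pre-shared key for illustration only; per-client
! credentials or certificates are the stronger choice for VPN clients.
crypto isakmp key ExamplePSKReplaceMe address 0.0.0.0 0.0.0.0

crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
 mode tunnel

! Clients connect from unknown source addresses, so a dynamic map is used.
crypto dynamic-map CLIENTS 10
 set transform-set TS

crypto map VPN 10 ipsec-isakmp dynamic CLIENTS
! Use the loopback address as the IKE/IPsec peer address (tunnel endpoint)
! even though the map itself is applied to the physical interface below.
crypto map VPN local-address Loopback0

interface Loopback0
 ip address 203.0.113.1 255.255.255.255

! The crypto map has to sit on the interface the encrypted traffic actually
! transits (the first reply's point), not on the loopback. Traffic that
! never leaves through this interface is not matched and not encrypted.
interface FastEthernet0/0
 ip address 198.51.100.2 255.255.255.252
 crypto map VPN
```

Verify the endpoint with `show crypto isakmp sa` and `show crypto ipsec sa` after a client connects: the local address shown should be the loopback's, and the `interface:` line in the IPsec SA output should name the physical interface, confirming the map is bound where the traffic flows. If the loopback address is translated by NAT on the way in, the NAT caveats in the second reply apply: only ESP will survive translation, and port-overloaded (PAT) translation will not work for the tunnel.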