07-30-2012 05:36 AM
Hi, I have two routers on a point-to-point VPN where the "Crypto Map" statement is assigned to the external interface as normal. This works fine, but I need each router to present a different IP address to that of the external interface.
For example:
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 lifetime 3600
crypto isakmp key privatekey address 4.4.4.4 no-xauth
!
!
crypto ipsec transform-set 3des esp-3des esp-sha-hmac
!
crypto map VPN 1 ipsec-isakmp
 set peer 4.4.4.4
 set transform-set 3des
 match address vpn
!
interface FastEthernet0/0
 ip address 4.4.4.4 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 speed 10
 full-duplex
 no cdp enable
 crypto map VPN
!
interface FastEthernet0/1
 ip address 8.8.8.8 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
Instead of the "4.4.4.4" being presented to the other side of the VPN, I need the 8.8.8.8 to be presented. I've tried just changing the Crypto statements as below, but it still presents the 4.4.4.4, probably due to the interface the Crypto map is applied to.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 lifetime 3600
crypto isakmp key privatekey address 8.8.8.8 no-xauth
!
!
crypto ipsec transform-set 3des esp-3des esp-sha-hmac
!
crypto map VPN 1 ipsec-isakmp
 set peer 8.8.8.8
 set transform-set 3des
 match address vpn
How can I make sure that 8.8.8.8 is what's presented at the other end?
Thanks
Andy
07-30-2012 05:47 AM
Hi Andy,
I would suggest the following command:
crypto map local-address
http://tools.cisco.com/squish/9c85B
To specify and name an identifying interface to be used by the crypto map for IPSec traffic, use the crypto map local-address command in global configuration mode. To remove this command from the configuration, use the no form of this command.
crypto map map-name local-address interface-id
no crypto map map-name local-address
Example:
interface loopback0
 ip address 4.2.2.2 255.255.255.252
!
crypto map mymap local-address loopback0
!
interface S0
 crypto map mymap
!
Of course you need to make sure the remote end can reach this additional IP address.
Let me know if you have any questions.
Please rate any post that you find useful.
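The suggested command applied to the addresses from the question, as an added example that is not part of the original posts. It assumes 8.8.8.8 stays on FastEthernet0/1 and that the second crypto block in the question is what the remote router carries; the `show` commands in the comments are standard IOS checks.

```cisco
! --- Local router (addresses as posted in the question) ---
! Use the address of FastEthernet0/1 (8.8.8.8) as the tunnel's local
! identity instead of the outside interface address (4.4.4.4).
crypto map VPN local-address FastEthernet0/1
!
! The crypto map itself stays applied to the outside interface.
interface FastEthernet0/0
 crypto map VPN
!
! --- Remote router (assumed to mirror the second block in the question) ---
! Peer and pre-shared key must both reference 8.8.8.8, and the remote
! router needs a route back to 8.8.8.8.
crypto isakmp key privatekey address 8.8.8.8 no-xauth
!
crypto map VPN 1 ipsec-isakmp
 set peer 8.8.8.8
 set transform-set 3des
 match address vpn
!
! --- Verification, run from exec mode once traffic matches "vpn" ---
! show crypto isakmp sa   : src/dst pair should list 8.8.8.8, not 4.4.4.4
! show crypto ipsec sa    : "local crypto endpt." on the local router
!                           should read 8.8.8.8
```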
07-30-2012 05:57 AM
Thanks Javier. That worked a treat.
07-30-2012 06:39 AM
Great news, my friend.
Thanks for counting on us!
Take care!!