cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
721
Views
4
Helpful
2
Replies

Router to Router using incoming(internal) interface for IPsec VPN

tkpsimon
Level 1
Level 1

As my title described, just wanted to make sure if this is possible or not. I did try to put up a config like this, but the router is not negoticate any tunnel at all.

any reply would be appreciate thanks

2 Replies 2

gfullage
Cisco Employee
Cisco Employee

If what you mean is can you put the crypto map on the inside interface, then the answer is no. The crypto map must be applied to the outgoing interface (the interface facing the other peer), this is the only time the code will look at the packet to see if it needs to be encrypted. There's no way to have the router check an incoming packet to see if it should be encrypted on the way out.

Sorry.

Peter P
Level 4
Level 4

You can build a tunnel from a loopback address. You would need to use policy routing to forward traffic you wanted to tunnel to the loopback and apply the crypto-map on that loopback.