Router to Router using incoming(internal) interface for IPsec VPN

tkpsimon
Level 1

As my title described, I just wanted to make sure if this is possible or not. I did try to put up a config like this, but the router is not negotiating any tunnel at all.

Any reply would be appreciated, thanks.

2 Replies

gfullage
Cisco Employee

If what you mean is can you put the crypto map on the inside interface, then the answer is no. The crypto map must be applied to the outgoing interface (the interface facing the other peer); this is the only time the code will look at the packet to see if it needs to be encrypted. There's no way to have the router check an incoming packet to see if it should be encrypted on the way out.

Sorry.

Peter P
Level 4

You can build a tunnel from a loopback address. You would need to use policy routing to forward traffic you wanted to tunnel to the loopback and apply the crypto-map on that loopback.
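
Added example, not part of any reply in this thread: a classic IOS crypto map configuration illustrating the placement described in the first reply, with the crypto map on the peer-facing interface and none on the inside interface. Interface names, map and ACL names, addresses (documentation ranges) and the key are constructed placeholders.

```cisco
! Constructed example: all names, addresses and the key are placeholders.
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.2
!
crypto ipsec transform-set TS-EXAMPLE esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Interesting traffic: local inside subnet to remote inside subnet.
! Packets are compared against this ACL only as they leave through
! the interface that carries the crypto map.
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
crypto map CMAP-EXAMPLE 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-EXAMPLE
 match address VPN-TRAFFIC
!
interface GigabitEthernet0/0
 description Inside LAN (no crypto map here)
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 description Outside, faces the peer (crypto map applied here)
 ip address 203.0.113.1 255.255.255.0
 crypto map CMAP-EXAMPLE
!
! The route to the remote subnet must exit via the outside interface,
! otherwise the traffic never reaches the crypto map.
ip route 10.2.2.0 255.255.255.0 203.0.113.2
!
! After sending matching traffic, check negotiation with:
!   show crypto isakmp sa
!   show crypto ipsec sa
```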