Posted by Frank Winkler on May 3, 2008, 4:48 pm
I have a working VPN setup (between a router and a PIX) based on crypto maps. For education's sake, I tried to replace the crypto map by a tunnel interface on the router. Basically, it looks like this:

crypto map fw 101 ipsec-isakmp
 set peer X
 set transform-set vpn
 match address 101

has been changed to

crypto ipsec profile vpn
 set transform-set vpn
interface Tunnel1
 no ip address
 tunnel source FastEthernet0
 tunnel destination X
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile vpn

The ISAKMP part is left unchanged, the relevant parameters look comparable. I'm aware that a route to the remote network is missing to make things work but the problem is that the tunnel doesn't come up (see "show ip int brief") so that the route is ignored.

What I'm wondering now is whether crypto maps and tunnel interfaces are just different notations for the same thing (which would make them interchangeable) or if they are completely different from each other. IOW: can I use tunnel interfaces with a PIX or just with another tunnel interface at the remote end?

TIA

fw
Posted by Joe Beasley on May 3, 2008, 11:14 pm
Posted by Frank Winkler on May 4, 2008, 1:31 pm
Joe Beasley wrote:
>The Virtual Tunnel Interface and the crypto map are not interchangeable.

I see - and why not? What's the technical difference?

Regards

fw
IPsec configuration