I found an document on the cisco web that describes how to do this. It looks pretty much ok, but I have one question: Q: By applying the crypto map on the outside interface, does this prevent other traffic (acl's) from going out on the outside interface and not in the IPSEC tunnel and to a different address/network?
Geir
No.
However, any traffic which matches the crypto map and which is found to have arrived "directly" (instead of via the VPN) will be logged and dropped.
Any traffic that does not match the crypto maps will not be affected by the existance of the VPN.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.