|
Posted by Joe Beasley on May 3, 2008, 11:14 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Frank Winkler wrote:
> Hi there !
>
> I have a working VPN setup (between a router and a PIX) based on crypto
> maps. For education's sake, I tried to replace the crypto map ny a
> tunnel interface on the router. Basically, it looks like this:
>
>
> crypto map fw 101 ipsec-isakmp
> set peer X
> set transform-set vpn
> match address 101
>
> has been changed to
>
> crypto ipsec profile vpn
> set transform-set vpn
> interface Tunnel1
> no ip address
> tunnel source FastEthernet0
> tunnel destination X
> tunnel mode ipsec ipv4
> tunnel protection ipsec profile vpn
>
>
> The ISAKMP part is left unchanged, the relevant parameters look
> comparable. I'm aware that a route to the remote network is missing to
> make things work but the problem is that the tunnel doesn't come up (see
> "show ip int brief") so that the route is ignored.
>
> What I'm wondering now is whether crypto maps and tunnel interfaces are
> just different notations for the same thing (which would make them
> interchangeable) or if they are completely different from each other.
> IOW: can I use tunnel interfaces with a PIX or just with another tunnel
> interface at the remote end?
>
> TIA
>
> fw
The Virtual Tunnel Interface and the crypto map are not interchangeable.
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map