Applying Tunnel Templates To The Ipsec Two-Box Solution - Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module Software Configuration Manual


Applying Tunnel Templates to the IPSec Two-box Solution

Configuring IPSec in conjunction with Cisco IOS Mobile Network software requires special attention
because the egress interface of the traffic can change, and IPSec is typically configured on the egress
interface. The previous recommendation was to configure the crypto map on the loopback interface
and to use policy routing to set the next hop to the loopback for all traffic that needed encryption.
Note: Applying a crypto map on a loopback interface is not a supported configuration (as documented in
CSCdx79795).
Tunnel templates, introduced in Cisco IOS Release 12.2(15)T, add multicast support, but can also be used to
apply other parameters to the inner tunnel interface. Applying the crypto map to the tunnel template
requires the crypto map local-address command, as shown in the following example configuration. The
local address should be set to the home address interface. This recommendation eliminates the need for
policy routing and allows all traffic to be Cisco Express Forwarding (CEF) switched (CEF switching is not
supported on loopback interfaces).
To be encrypted, all traffic from the mobile router must be reverse tunneled; the reverse tunnel becomes
the egress interface at which the crypto map is applied.
Example Configuration
hostname MN
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
 lifetime 900
crypto isakmp key skeleton address 192.168.1.1
!
crypto ipsec transform-set aes esp-aes 256 esp-sha-hmac
!
! Local-address must point to the Home Address
!
crypto map MAR_VPN local-address Loopback 0
crypto map MAR_VPN 1 ipsec-isakmp
 set peer 192.168.1.1
 set transform-set aes
 match address 110
!
interface Tunnel99
 description Mobile Networks Tunnel Template
 no ip address
 crypto map MAR_VPN
!
interface Loopback0
 ip address 192.168.100.10 255.255.255.255
!
interface Ethernet0/0
 ip address 169.254.255.1 255.255.255.255
 ip mobile router-service roam
!
interface Ethernet1/0
 description Mobile Network
 ip address 192.168.124.1 255.255.255.0
!
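
The placement rules above can be checked mechanically when reviewing a saved router configuration. The following is an added example, not part of the Cisco manual: the `audit` function and both sample configurations are constructed for illustration, and the parser only understands the line layout shown on this page.

```python
import re

# Constructed sample: the earlier layout, crypto map applied on the loopback.
LEGACY = """\
crypto map MAR_VPN 1 ipsec-isakmp
 set peer 192.168.1.1
!
interface Loopback0
 ip address 192.168.100.10 255.255.255.255
 crypto map MAR_VPN
!
"""

# Constructed sample: crypto map on the tunnel template with a local-address.
TEMPLATE = """\
crypto map MAR_VPN local-address Loopback 0
crypto map MAR_VPN 1 ipsec-isakmp
 set peer 192.168.1.1
!
interface Tunnel99
 no ip address
 crypto map MAR_VPN
!
"""

def audit(config):
    """Return findings about where crypto maps are applied (hypothetical helper)."""
    has_local_addr = set()  # map names with a 'crypto map <name> local-address' line
    applied = []            # (interface, map name) pairs found under interfaces
    current = None
    for line in config.splitlines():
        if not line.startswith(" "):  # a global-mode line ends any interface block
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            m = re.match(r"crypto map (\S+) local-address\s+\S", line)
            if m:
                has_local_addr.add(m.group(1))
        elif current:
            m = re.match(r"\s+crypto map (\S+)\s*$", line)
            if m:
                applied.append((current, m.group(1)))
    findings = []
    for intf, name in applied:
        if intf.lower().startswith("loopback"):
            findings.append(f"{intf}: crypto map {name} applied on a loopback (unsupported)")
        elif intf.lower().startswith("tunnel") and name not in has_local_addr:
            findings.append(f"{intf}: crypto map {name} has no local-address")
    return findings
```

`audit(LEGACY)` reports the loopback placement, and `audit(TEMPLATE)` returns an empty list; whether the local-address interface really is the home address still has to be confirmed by hand.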
