Cisco CCIE Certification and CCNP Certification FAQs: Where do I have to apply crypto maps?

Cisco CCIE Certification and CCNP Certification FAQs :
Where do I have to apply crypto maps?

For straight IPSEC connections, it goes on the physical interface.

For GRE over IPSEC, it must go on both the physical and tunnel interface. With 12.3T, this changes, and only the physical interface is used

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml

   "OS Configuration Note: With Cisco IOS 12.2(13)T and later codes
    (higher numbered T-train codes, 12.3 and later codes) the configured
    IPSEC "crypto map" only needs to be applied to the physical interface
    and is no longer required to be applied on the GRE tunnel interface.
    Having the "crypto map" on the physical and tunnel interface when
    using the 12.2.(13)T and later codes still works. However, it is
    highly recommended to apply it just on the physical interface."

[Append to This Answer]

Previous:	How do I make the router alert when a threshold has been exceeded?
Next:	Can I have an 802.1q trunk on a 10mbit interface?

This document is: http://ertw.com/cgi-bin/fom?file=60

	[Search]	[Appearance]
This is a Faq-O-Matic 2.719.

This FAQ administered by ...