VPN - NAT interoperability [7:20326]

2001-09-18 Thread Robert McIntire

I'm looking to study the Cisco method of VPN implementation.  I've worked a
little with the IOS firewall feature pack, but have a few questions about how
all of these features on a Cisco edge router work together.  First of all,
does anyone know which feature set is required to nail up a tunnel?  I'm
assuming that it's the IP plus IPsec 56 feature pack, and that I would have
both firewalling and tunneling ability with the IP/FW plus IPSec 56 feature
set.  Can anyone in the know verify this for me before I hose up the home
lab??  Also, one final question.  Let's say I've got an edge router at 2
remote offices connecting each private network to the Internet.  How do NAT
and tunneling work together?  If dynamic NAT is enabled with the outside
address of the router, wouldn't all traffic exiting the outside interface be
NATed?  Surely not, but I'm in need of documentation.  How is traffic bound
for the other office directed down the tunnel?  Does anyone know of a good
tutorial about how this all works together?

Thanks in advance for any info,  Bob McIntire, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20326t=20326
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: VPN - NAT interoperability [7:20326]

2001-09-18 Thread Brant Stevens

You first decide what traffic you want to tunnel.

That traffic will match an access list for sending over the tunnel.

I believe that plain old GRE tunneling is supported in the standard IP
feature set, but I'm not sure.  To make use of IPSec, I do believe you need
the IP PLUS feature set, but I'm feeling too lazy to go look it up on Cisco's
web site...

Anyways...  Once that feature is set, you configure a crypto map with your
desired encryption strength, and apply that to both the terminating and the
tunnel interfaces...

That should do it.  Please correct me if I missed anything...

-Brant.

-Original Message-
From: Robert McIntire 
To: [EMAIL PROTECTED]
Date: Tue, 18 Sep 2001 18:58:18 -0400
Subject: VPN - NAT interoperability [7:20326]

I'm looking to study the Cisco method of VPN implementation.  I've worked a
little with the IOS firewall feature pack, but have a few questions about how
all of these features on a Cisco edge router work together.  First of all,
does anyone know which feature set is required to nail up a tunnel?  I'm
assuming that it's the IP plus IPsec 56 feature pack, and that I would have
both firewalling and tunneling ability with the IP/FW plus IPSec 56 feature
set.  Can anyone in the know verify this for me before I hose up the home
lab??  Also, one final question.  Let's say I've got an edge router at 2
remote offices connecting each private network to the Internet.  How do NAT
and tunneling work together?  If dynamic NAT is enabled with the outside
address of the router, wouldn't all traffic exiting the outside interface be
NATed?  Surely not, but I'm in need of documentation.  How is traffic bound
for the other office directed down the tunnel?  Does anyone know of a good
tutorial about how this all works together?

Thanks in advance for any info,  Bob McIntire, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20339t=20326
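
An added example for the NAT question in this thread (not from either poster and not Cisco's own documentation): on IOS, traffic going from inside to outside is translated before it is checked against the crypto map, so the access list that drives NAT has to deny the office-to-office traffic that the crypto access list permits. It assumes plain IPsec without GRE; all addresses, ACL numbers, names and the key are constructed placeholders.

```cisco
! Office A edge router. LAN 192.168.1.0/24, remote office LAN 192.168.2.0/24.
! 203.0.113.1 (local) and 203.0.113.2 (peer) are constructed addresses.
!
crypto isakmp policy 10
 ! DES is what a 56-bit image offers; use a stronger cipher if the image has one
 encryption des
 hash md5
 authentication pre-share
crypto isakmp key PLACEHOLDER-SHARED-KEY address 203.0.113.2
!
crypto ipsec transform-set OFFICE-TS esp-des esp-md5-hmac
!
crypto map OFFICE-VPN 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set OFFICE-TS
 ! ACL 110 selects what is sent down the tunnel
 match address 110
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
 crypto map OFFICE-VPN
!
! Dynamic NAT (overload) for Internet-bound traffic, driven by ACL 120
ip nat inside source list 120 interface Serial0 overload
!
! Crypto ACL: LAN-to-LAN traffic is encrypted
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! NAT ACL: exempt the LAN-to-LAN traffic first, translate everything else.
! Without the deny line the source would be rewritten to 203.0.113.1,
! ACL 110 would no longer match, and the packet would leave unencrypted.
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
```

The remote office needs the mirror image: its own LAN as source in both ACLs and 203.0.113.1 as the peer.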