I think you should apply crypto map to the incoming physical interface as CET. I will try it then...
----- Original Message -----
From: Daniel Ji <jix@xxxxxxxxxx>
To: CCIE Lab Mailing list <ccielab@xxxxxxxxxxxxxx>
Sent: Friday, November 17, 2000 7:21 AM
Subject: IPsec for tunnel source and dest
> Hello:
> Can I put tunnel source to destination flow in Crypto map "match" access
> list? I tried that but it doesn't seem to work. My config as below, is it
> wrong or I just can't do that? Please help.
>
> Thanks a lot!
> Daniel
>
> ------------------------------------------------------------------------
> crypto isakmp policy 10
> authentication pre-share
> crypto isakmp key ccie address 10.1.2.1
> !
> !
> crypto ipsec transform-set myset esp-des esp-sha-hmac
> !
> crypto map mysecmap 10 ipsec-isakmp
> set peer 10.1.2.1
> set transform-set myset
> match address 100
> !
> !
> !
> !
> interface Loopback0
> ip address 10.1.1.1 255.255.255.0
> !
> interface Tunnel0
> ip address 10.1.18.1 255.255.255.0
> tunnel source 10.1.1.1
> tunnel destination 10.1.2.1
> crypto map mysecmap
> !
> interface Ethernet0/0
> ip address 207.104.210.182 255.255.255.128
> !
> access-list 100 permit ip 10.1.18.0 0.0.0.255 10.1.18.0 0.0.0.255
> access-list 100 permit ip host 10.1.1.1 host 10.1.2.1
> !
> ----------------------------------------------------------------------------
> ---------------------------------
>
>
> _______________________________________________________
> To unsubscribe from the CCIELAB list, send a message to
> majordomo@xxxxxxxxxxxxxx with the body containing:
> unsubscribe ccielab
>
_______________________________________________________
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing:
unsubscribe ccielab
