Technical information
36
IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuring a VPN Using the VPN Module
crypto connect vlan 20
!
!!! "interface" VLAN, assigned to VPN-SM on slot 2
interface Vlan20
ip address 10.13.1.2 255.255.0.0
crypto map cmap3
!
!!! connected to Host 1
interface FastEthernet6/1
ip address 10.9.1.2 255.255.255.0
!
!!! connected to Host 2
interface FastEthernet6/2
ip address 10.9.2.2 255.255.255.0
!
!!! connected to Switch 2
interface GigabitEthernet5/3
switchport
switchport mode access
switchport access vlan 11
!
!!! connected to Switch 2
interface GigabitEthernet5/4
switchport
switchport mode access
switchport access vlan 19
!
ip classless
!
!!! packets from Host 1 to Host 3 are routed from FastEthernet6/1
!!! to VLAN 12, encrypted with crypto map cmap2
!!! using VPN-SM in slot 3, and forwarded to peer 10.8.1.1
!!! through GigabitEthernet5/3
ip route 10.6.1.4 255.255.255.255 10.8.1.1
!
!!! packets from Host 2 to Host 4 are routed from FastEthernet6/2
!!! to VLAN 20, encrypted with crypto map cmap3
!!! using VPN-SM in slot 2, and forwarded to peer 10.13.1.1
!!! through GigabitEthernet5/4
ip route 10.6.2.1 255.255.255.255 10.13.1.1
!
!!! ACL matching traffic between Host 1 and Host 3
access-list 102 permit ip host 10.9.1.3 host 10.6.1.4
!
!!! ACL matching traffic between Host 2 and Host 4
access-list 103 permit ip host 10.9.2.1 host 10.6.2.1
Using IPSec Stateful Failover and the VPN Module
Note This section applies to VPN modules running Cisco IOS Release 12.2(14)SY or later releases.