VPN on a stick
Posted by Tom on January 23rd, 2005


Hi

Do you have any good materials on how to configure VPN on a stick (a single
external interface is used to both receive traffic and to distribute it
after encryption) on a Cisco VPN concentrator?
T



Posted by BradReeseCom on January 23rd, 2005


Tom,

You may want to investigate Cisco's Configuring VPN Settings

http://www.cisco.com/en/US/products/...ml#w p1292811

Using the Same Interface VPN Feature ( i.e. VPN on a stick ):

In cases where a single external interface is used to both receive
traffic and to distribute it after encryption, Router MC uses the
loopback0 interface on the device as the VPN interface.

This feature can be enabled by selecting the Same Interface VPN check
box in the Spoke VPN Interface page.

--------------------------------------------------------------------------------

Note To use this feature, the device must be configured with a
loopback0 interface.

--------------------------------------------------------------------------------

Note If NAT is configured on the external interface, NAT will be
applied to the flow that matches the NAT filter, and this flow will
also be IPSec encapsulated.

--------------------------------------------------------------------------------

Procedure

--------------------------------------------------------------------------------

Step 1 Select Configuration > Settings.

Step 2 Select Spoke > VPN Interface from the TOC. The Spoke VPN
Interface page appears. See Table 6-10 for a description of the
elements in the Spoke VPN Interface page.

Step 3 If you have an individual spoke selected in the Object Selector,
select your desired interface in the Select Interface list box and
click Apply to confirm your selection.

Otherwise, if you have selected Global or selected a device group in
the Object Selector, do as follows.

Step 4 Click Show Interfaces.

The Show Interfaces dialog box appears, and lists the interfaces on the
device(s) in the selected object that are available for selection. See
Table 6-4 for a description of the elements displayed in the Show
Interfaces dialog box.

--------------------------------------------------------------------------------

Note An interface that has already been defined as the inside interface
will not appear in the list of available interfaces because you cannot
use the same interface for both inside interface and VPN interface.

--------------------------------------------------------------------------------

Step 5 Select the check box next to one or more of the listed interface
options to select it.

Step 6 Click Select to confirm your choices and close the Show
Interfaces dialog box.

See Table 6-4 for a description of elements in the Show Interfaces
dialog box.

Step 7 Click Validate to open the Validate Interface dialog box and
validate your interface selection.

For example, if you selected Ethernet 1/0, the Validate Interface
dialog box will indicate how many of the devices in your selected
object have this interface available. If the selected interface is not
available on any of the devices, you must either choose another
interface that is on at least one of the devices, or select a different
interface on the individual devices that are not covered.

Step 8 Click Close to return to the Spoke VPN Interface page.

Step 9 Optionally, specify a subinterface in the Subinterface field
that should function as the VPN interface for the spoke.

Step 10 Click Apply to apply your selections.

Sincerely,

Brad Reese
BradReese.Com Cisco Repair Worldwide
United Kingdom: 44-20-70784294
U.S. Toll Free: 877-549-2680
International: 828-277-7272
Fax: 775-254-3558
Website: http://www.bradreese.com/cisco-big-iron-repair.htm
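As an added illustration, not from the thread and not Router MC's generated output, this is what the same-interface design Brad describes looks like in hand-written IOS on a spoke router: Loopback0 carries the IKE/IPsec identity and the single physical interface carries both clear and encrypted traffic plus NAT. Interface names, addresses, ACL names and the peer are constructed assumptions, and the NAT exemption is a choice explained in the comments, not the Router MC default quoted above.

```cisco
! Loopback0 is the VPN interface (Router MC requires it to exist).
! Its address must be routable from the peer, normally via the external interface.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! The one external interface: receives plaintext and sends it out encrypted.
interface FastEthernet0/0
 ip address 198.51.100.2 255.255.255.0
 ip nat outside
 crypto map VPNMAP
!
interface FastEthernet0/1
 ip address 10.10.0.1 255.255.255.0
 ip nat inside
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Placeholder key; the peer 203.0.113.1 is a constructed address.
crypto isakmp key REPLACE-ME address 203.0.113.1
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
! Source IKE and ESP from Loopback0 rather than the physical interface address.
crypto map VPNMAP local-address Loopback0
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address VPN_TRAFFIC
!
! Traffic that should be encrypted (local LAN to the hub LAN).
ip access-list extended VPN_TRAFFIC
 permit ip 10.10.0.0 0.0.0.255 10.20.0.0 0.0.0.255
!
! NAT on the same interface. The deny line exempts the VPN flow so it keeps its
! private addresses; without it, as the Router MC note says, the flow is NATed
! first and the translated packet is then IPsec encapsulated.
ip access-list extended NAT_INSIDE
 deny   ip 10.10.0.0 0.0.0.255 10.20.0.0 0.0.0.255
 permit ip 10.10.0.0 0.0.0.255 any
ip nat inside source list NAT_INSIDE interface FastEthernet0/0 overload
```

Check the result with `show crypto ipsec sa` on the spoke: the local identity should show the Loopback0 address and the encrypted packet counters should increment for the VPN_TRAFFIC flow.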

Posted by PES on January 23rd, 2005


Tom wrote:
On the concentrator, it should just work. If you build the SAs to
include all of the sources and destinations it will be fine.

I have a client who uses a concentrator this way. They use VPN
clients and LAN-to-LAN tunnels. One thing odd is that the clients
actually share the LAN addresses with the local LAN where the
concentrator resides. I think it functions by basically resolving the
ARP requests for any connected VPN client (I didn't set this part up).
However, as I have added LAN-to-LAN spokes, there has been nothing
special I have done to allow the VPN clients to communicate to the
spokes. Split tunneling on the VPN clients is disabled. If they had
split tunneling enabled, we would have to adjust that network list.

--
-------------------------
Paul Stewart
Lexnet Inc.
Email address is in ROT13

