Thanks. I actually knew about the NULL encryption option. My question was more specifically, is there a way in a crypto map to say "encrypt x data going to the peer but do not encrypt y data going to the same peer"?
I came to the conclusion that there is no way to do that because the crypto ACL determines not only what gets encrypted but what gets sent into the tunnel. In other words, you can't send packets into the tunnel that don't match the crypto ACL and if it matches the crypto ACL you can either encrypt or not encrypt (null) but not one or the other.

On Thu, Dec 13, 2012 at 12:58 PM, Piotr Matusiak <[email protected]> wrote:
> Hi Joe,
>
> You can use NULL encryption while configuring transform-set for a specific
> crypto ACL.
>
> Regards,
> Piotr
>
> On 12/13/12 6:52 PM, Joe Astorino wrote:
>>
>> This may seem basic, but I was wondering -- Is there a way to send
>> traffic over a L2L VPN that is NOT encrypted? For example, perhaps
>> you want to encrypt some traffic but not encrypt other traffic while
>> at the same time sending all traffic through the tunnel.
>>
>> Suppose an ASA to ASA L2L VPN tunnel. I know the crypto map ACL
>> identifies the traffic to be protected. Does it also then identify
>> traffic that should go into the tunnel at all? In other words, is
>> there a way to send traffic through the tunnel but NOT encrypt it? I
>> can't think of a way to do that but wanted to be sure. Thanks
>>
>

--
Regards,

Joe Astorino
CCIE #24347
http://astorinonetworks.com

"He not busy being born is busy dying" - Dylan
