How about a second tunnel (i.e. GRE p2p) and use PBR to send the non
encrypted traffic down the GRE tunnel as opposed to the IPSec
tunnel?

Don't forget to have denies for this traffic in the crypto map.  Or
maybe make a second crypto map pointing to an "IPSec" tunnel with
esp-null "encryption".

Cheers,
Matt

CCIE #22386
CCSI #31207

On 14 December 2012 08:29, Joe Astorino <[email protected]> wrote:
> Thanks.  I actually knew about the NULL encryption option.  My
> question was more specifically, is there a way in a crypto map to say
> "encrypt x data going to the peer but do not encrypt y data going to
> the same peer"
>
> I came to the conclusion that there is no way to do that because the
> crypto ACL determines not only what gets encrypted but what gets sent
> into the tunnel. In other words, you can't send packets into the
> tunnel that don't match the crypto ACL and if it matches the crypto
> ACL you can either encrypt or not encrypt (null) but not one or the
> other.
>
> On Thu, Dec 13, 2012 at 12:58 PM, Piotr Matusiak <[email protected]> wrote:
>> Hi Joe,
>>
>> You can use NULL encryption while configuring transform-set for a specific
>> crypto ACL.
>>
>> Regards,
>> Piotr
>>
>>
>>
>> On 12/13/12 6:52 PM, Joe Astorino wrote:
>>>
>>> This may seem basic, but I was wondering -- Is there a way to send
>>> traffic over a L2L VPN that is NOT encrypted?  For example, perhaps
>>> you want to encrypt some traffic but not encrypt other traffic while
>>> at the same time sending all traffic through the tunnel.
>>>
>>> Suppose an ASA to ASA L2L VPN tunnel.  I know the crypto map ACL
>>> identifies the traffic to be protected.  Does it also then identify
>>> traffic that should go into the tunnel at all?  In other words, is
>>> there a way to send traffic through the tunnel but NOT encrypt it?  I
>>> can't think of a way to do that but wanted to be sure.  Thanks
>>>
>>
>
>
>
> --
> Regards,
>
> Joe Astorino
> CCIE #24347
> http://astorinonetworks.com
>
> "He not busy being born is busy dying" - Dylan
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com
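
The second option raised at the top of this thread (a second crypto map entry to the same peer whose transform set uses esp-null), sketched as an added configuration example that is not from any poster in the thread. It assumes ASA 8.4-or-later IKEv1 syntax; the ACL names, transform-set names, map name, subnets and peer address are constructed for illustration.

```cisco
! Constructed example: two crypto map entries to one peer.
! Entry 10 encrypts its traffic; entry 20 uses esp-null for its traffic.

! Traffic that must be encrypted (constructed subnets)
access-list CRYPTO-ENC extended permit ip 10.1.1.0 255.255.255.0 10.2.1.0 255.255.255.0

! Traffic that goes through the tunnel with NULL encryption
access-list CRYPTO-NULL extended permit ip 10.1.2.0 255.255.255.0 10.2.2.0 255.255.255.0

! Confidentiality and integrity
crypto ipsec ikev1 transform-set TS-AES esp-aes-256 esp-sha-hmac

! Integrity only: packets are still ESP-encapsulated and authenticated,
! but the payload is readable by anyone on the path
crypto ipsec ikev1 transform-set TS-NULL esp-null esp-sha-hmac

crypto map OUTSIDE-MAP 10 match address CRYPTO-ENC
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set TS-AES

crypto map OUTSIDE-MAP 20 match address CRYPTO-NULL
crypto map OUTSIDE-MAP 20 set peer 203.0.113.2
crypto map OUTSIDE-MAP 20 set ikev1 transform-set TS-NULL

crypto map OUTSIDE-MAP interface outside
```

The two ACLs must not overlap, and the remote peer needs mirrored ACLs and matching transform sets for both entries.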