Hi Rene
I use virtual tunnel interface and i seem to work, it is correct ?
IPv4 Crypto ISAKMP SA
dst src state conn-id status
192.168.12.2 192.168.12.1 QM_IDLE 1002 ACTIVE
192.168.12.1 192.168.12.2 QM_IDLE 1001 ACTIVE
IPv6 Crypto ISAKMP SA
R1#sh crypto ipsec sa
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 192.168.12.1
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.12.1/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (192.168.12.2/255.255.255.255/47/0)
current_peer 192.168.12.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 256, #pkts encrypt: 256, #pkts digest: 256
#pkts decaps: 245, #pkts decrypt: 245, #pkts verify: 245
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
Another question is how much mtu does IPsec Takes
Cordially