Crypto map removing itself after reload

Hello,
I just set up my site-to-site VPN with a PIX box and a Cisco 3745.
The PIX box is fine, but whenever I reload the 3745 the crypto map is not applied to the interface after the reload.

Hello,
I did issue a write memory.
sh ver
Cisco IOS Software, 3700 Software (C3745-ADVENTERPRISEK9-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Tue 21-Apr-09 14:41 by prod_rel_team
ROM: System Bootstrap, Version 12.2(8r)T2, RELEASE SOFTWARE (fc1)
FIBERJGX-3745-01 uptime is 3 hours, 49 minutes
System returned to ROM by reload at 01:32:53 UTC Fri Jul 5 2013
System restarted at 01:34:09 UTC Fri Jul 5 2013
System image file is "slot0:c3745-adventerprisek9-mz.124-25.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected]
Cisco 3745 (R7000) processor (revision 2.0) with 243712K/18432K bytes of memory.
Processor board ID JMX0837L5AU
R7000 CPU at 350MHz, Implementation 39, Rev 3.3, 256KB L2, 2048KB L3 Cache
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
151K bytes of NVRAM.
31360K bytes of ATA System CompactFlash (Read/Write)
125952K bytes of ATA Slot0 CompactFlash (Read/Write)
Configuration register is 0x2102
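
One way to pin down the symptom described above is to diff the crypto map bindings in the saved startup-config against the running-config captured after the reload. This is an added example, not part of the original post; the two sample configs, the map name `VPNMAP` and all addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed samples: startup-config as saved with "write memory", and the
# running-config captured after the reload with the interface binding gone.
STARTUP_CONFIG = """\
crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS
 match address 110
!
interface FastEthernet0/0
 ip address 198.51.100.2 255.255.255.252
 crypto map VPNMAP
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
!
"""
RUNNING_CONFIG = STARTUP_CONFIG.replace(" crypto map VPNMAP\n", "")

# Global entries always carry a sequence number; the interface binding never does.
DEFINE_RE = re.compile(r"^crypto map (\S+) (\d+)\b")
ATTACH_RE = re.compile(r"^crypto map (\S+)(?: redundancy .*)?$")
IFACE_RE = re.compile(r"^interface (\S+)")


def parse_crypto_maps(config_text):
    """Return (defined, attached): map name -> set of sequence numbers,
    and interface name -> map name bound to it."""
    defined, attached = {}, {}
    iface = None
    for raw in config_text.splitlines():
        # Strip indentation so configs pasted without it still parse.
        line = raw.strip()
        if line == "!":
            iface = None
            continue
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = DEFINE_RE.match(line)
        if m:
            defined.setdefault(m.group(1), set()).add(int(m.group(2)))
            iface = None  # a global entry ends any interface block
            continue
        m = ATTACH_RE.match(line)
        if m and iface:
            attached[iface] = m.group(1)
    return defined, attached


def audit_after_reload(startup_text, running_text):
    """Compare saved and live configs and list crypto map binding problems."""
    _, saved_attached = parse_crypto_maps(startup_text)
    live_defined, live_attached = parse_crypto_maps(running_text)
    findings = []
    # Binding was saved but is missing (or different) after the reload.
    for iface, name in sorted(saved_attached.items()):
        if live_attached.get(iface) != name:
            findings.append(("lost", iface, name))
    # Map entries exist but no interface uses them, so nothing is protected.
    # This also catches the case where the binding was never saved at all.
    in_use = set(live_attached.values())
    for name in sorted(live_defined):
        if name not in in_use:
            findings.append(("unattached", name, sorted(live_defined[name])))
    # Interface points at a map that has no entries.
    for iface, name in sorted(live_attached.items()):
        if name not in live_defined:
            findings.append(("undefined", iface, name))
    return findings


if __name__ == "__main__":
    for finding in audit_after_reload(STARTUP_CONFIG, RUNNING_CONFIG):
        print(finding)
```

A "lost" finding means the binding was in NVRAM and disappeared during boot; only an "unattached" finding means it was never saved in the first place.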

Similar Messages

  • Problem removing listener after reload

    Note: Using AS2, Flash 8
    Here's the setup:
    I'm developing a small game based on Wheel of Fortune. The
    .swf for the game is loaded into another flash application on
    another developer's end. Their application is built like a
    slideshow. (switching from one .swf to the next, one of which is my
    game)
    I have a "board" of letter spaces and an input text field for
    guessing the phrase.
    The user can either hit letter keys to guess letters on the
    board OR click in the input field and guess the phrase. The input
    field has onSetFocus and onKillFocus function to prevent both
    happening at the same time. Once a user has entered text in the
    field, they can either hit a button or press enter to check if it's
    the right answer.
    Attached at the bottom is a simplified example of the
    listeners for key presses and the input field's functions:
    Thankfully, all this code works fine, but only the first time
    around. If you go back to the game again, it doesn't work the same:
    If you start typing in the input field, letters pop up on the board
    too. (Which, of course, is not supposed to happen)
    I've been able to test this by testing the movie (Ctrl-Enter)
    and then hitting Ctrl-Enter again to reload.
    After doing a trace(Key._listeners.length); I get 1 the first
    time and 2 the second time.
    What this tells me is that on the second time around, even
    though the input_txt.onSetFocus function should be removing the
    keyListener, the keyListener.onKeyDown function is still executing
    because there are now 2 keyListeners. (1 is removed, but the other
    continues to execute)
    I've tried attempting to remove the keyListener before any of
    the code above executes, but it seems to have no effect.
    How is it possible for there to be 2 listeners by the same
    name?
    How do I make sure that there is only one listener active?

    This is an interesting problem. The Key._listener array must
    still live in the cache while Flash is in operation, it seems if
    you close down the program and then reopen (like if you shut down
    the browser and came back) this doesn't happen, but on reload it
    most certainly does.
    I have a solution for you. Loop through the array and remove
    all registered listeners on reload, place the code below previous
    to the registering of the 'keyListener' object:
    Hey, what did I win! ;)

  • I am not able to remove crypto map SONZOGNI^@

    Please, show me the command to remove crypto map SONZOGNI^@.
    Command "no crypto map SONZOGNI^@" doesn't work, the response is crypto map unexisting.
    The Router model is 3640.
    Thanks
    12.0
    service timestamps debug datetime localtime show-timezone
    service timestamps log datetime localtime show-timezone
    service password-encryption
    boot system flash:c3640-is40-mz.120-24.bin
    logging buffered 32000 debugging
    no logging console
    ip subnet-zero
    no ip source-route
    no ip finger
    no ip domain-lookup
    isdn switch-type primary-net5
    crypto map SONZOGNI^@ 1
    set peer cisco-sonzogni
    match address sonzogni-encrypt
    clock timezone CET 1
    clock summer-time CET-SUM recurring last Sun Mar 3:00 last Sun Oct 3:00
    call-history-mib max-size 200

    Try "no crypto map SONZOGNI^@ 1"; you have to mention the 1 also.

  • Cisco 5520: removed crypto map still in effect

    So I typoed a command: "crypto map Map1 7"... instead of "crypto map Map1 70".
    I cleared the Map1 7 entries, and added the correct entries in Map1 70.
    I cleared all of the vpn sessions:
    no crypto map Map1 int outside
    cl ips sa
    cl isa sa
    Now, however, whenever I try to ping the remote network from the inside interface, it seems to read the Map1 7 policy instead of Map1-70.
    Is there any way to clear the Map1 7 entries from memory? I'm trying to avoid rebooting the firewall.
    Thanks,
    Jeff
    But when I try

    With ASA you need the "clear configure" command to remove a crypto map sequence number
    clear configure crypto map map-name seq-num
    (in configuration mode)

  • Lose telnet capability after crypto map

    Hello,
    I have 2 DSL routers setup with a VPN tunnel between them. The VPN works fine. Before setting up the tunnel, I had telnet/SSH access. However, when I apply the crypto map to the Dialer interface, I lose the ability to telnet/SSH to the router. If I remove the VPN setup, I regain the ability to telnet/SSH.
    Any thoughts? I was wondering if the fact the Dialer interface is a logical interface is what is causing the problems?
    Thanks.
    Tony

    Here is the config. ACL 120 has permit ip any any but it is referenced by NAT not the Crypto. Crypto references ACL 130. I have seen it posted not to put any any in the Crypto ACLs, perhaps this applies to the NAT as well. I will try changing that one. Anyway, here is the config. Pretty straight-forward.
    sh run
    Building configuration...
    Current configuration : 2927 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Ashtabula
    boot-start-marker
    boot-end-marker
    enable secret 5
    no aaa new-model
    dot11 syslog
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.50
    ip dhcp pool Ash-dhcp
    network 192.168.1.0 255.255.255.0
    dns-server 166.x.x.11 166.102.165.13
    default-router 192.168.1.1
    lease 7
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    no ip domain lookup
    ip domain name Ashtabula.local
    ip name-server 166.102.165.11
    ip name-server 166.102.165.13
    vpdn enable
    username
    username
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key xxxxxxxx address xx.xx.xx.xx no-xauth
    crypto ipsec transform-set ToMead esp-3des esp-sha-hmac
    crypto map Meadville 10 ipsec-isakmp
    set peer xx.xx.xx.xx
    set transform-set ToMead
    match address 130
    archive
    log config
    hidekeys
    bridge irb
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    interface ATM0.1 point-to-point
    pvc 0/35
    pppoe-client dial-pool-number 1
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface Dot11Radio0
    no ip address
    shutdown
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    interface Vlan1
    description LAN
    ip address 192.168.1.1 255.255.255.0
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    bridge-group 10
    bridge-group 10 spanning-disabled
    interface Dialer0
    ip address yy.yy.yy.yy 255.255.255.252
    ip access-group 100 in
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication pap callin
    ppp pap sent-username xxxxxxx password 0 xxxxxxx
    ppp ipcp dns request
    ppp ipcp address accept
    crypto map Meadville
    interface Dialer1
    no ip address
    no cdp enable
    interface BVI10
    description Bridge to Internal Network
    no ip address
    ip virtual-reassembly
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    ip route 192.168.1.0 255.255.255.0 Vlan1
    ip http server
    no ip http secure-server
    ip nat inside source list 120 interface Dialer0 overload
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 120 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
    access-list 120 permit ip any any
    access-list 130 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
    dialer-list 1 protocol ip permit
    no cdp run
    control-plane
    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    password xxxxxxxxxx
    login local
    scheduler max-task-time 5000
    end

  • PING is unavailable after CRYPTO MAP on interface

    Hi guys,
    I have a problem with ping to the public IP of my router (Cisco 2801). I checked all my ACLs, but only when I remove the crypto map from the interface is PING going well.
    interface FastEthernet0/0
     description ---LAN---$FW_INSIDE$
     ip address 192.168.28.31 255.255.255.0
     ip access-group 103 in
     ip nat inside
     ip virtual-reassembly
     duplex auto
     speed auto
     no mop enabled
    interface FastEthernet0/1
     description ---WAN---$FW_OUTSIDE$$ES_LAN$
     ip address 109.68.238.175 255.255.255.224
     ip access-group 104 in
     no ip proxy-arp
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed 10 
     crypto map MAIN
     and crypto map MAIN 
    crypto map MAIN 1 ipsec-isakmp 
     description a1
     set peer 180.94.84.177
     set peer 180.94.84.181
     set transform-set a1 
     match address a1
    crypto map MAIN 2 ipsec-isakmp 
     description a2 
     set peer 67.159.45.250
     set transform-set a2 
     match address a2
    and ACLs for this MAIN crypto 
    ip access-list extended a1
     remark CCP_ACL Category=4
     permit ip host 192.168.28.31 host 10.150.82.43
     permit ip host 192.168.28.30 host 10.150.82.43
     permit ip host 192.168.28.31 host 10.150.82.73
     permit ip host 192.168.28.30 host 10.150.82.73
     permit icmp any any
    ip access-list extended a2
     remark CCP_ACL Category=20
     permit ip host 192.168.28.31 host 67.159.51.2
     permit ip host 192.168.28.30 host 67.159.51.2
     permit ip host 192.168.28.31 host 67.159.51.14
     permit ip host 192.168.28.30 host 67.159.51.14
     permit ip host 192.168.28.31 host 67.159.51.10
     permit ip host 192.168.28.30 host 67.159.51.10
     permit icmp any any
    ACL for inbound in WAN interface
    access-list 104 remark CCP_ACL Category=17
    access-list 104 permit udp host 180.94.84.177 host 109.68.238.175 eq non500-isakmp
    access-list 104 permit udp host 180.94.84.177 host 109.68.238.175 eq isakmp
    access-list 104 permit esp host 180.94.84.177 host 109.68.238.175
    access-list 104 permit ahp host 180.94.84.177 host 109.68.238.175
    access-list 104 permit ip host 67.159.51.10 host 192.168.28.30
    access-list 104 permit ip host 67.159.51.10 host 192.168.28.31
    access-list 104 permit ip host 67.159.51.14 host 192.168.28.30
    access-list 104 permit ip host 67.159.51.14 host 192.168.28.31
    access-list 104 permit ip host 67.159.51.2 host 192.168.28.30
    access-list 104 permit ip host 67.159.51.2 host 192.168.28.31
    access-list 104 permit udp host 180.94.84.181 host 109.68.238.175 eq non500-isakmp
    access-list 104 permit udp host 180.94.84.181 host 109.68.238.175 eq isakmp
    access-list 104 permit esp host 180.94.84.181 host 109.68.238.175
    access-list 104 permit ahp host 180.94.84.181 host 109.68.238.175
    access-list 104 permit ip host 10.150.82.73 host 192.168.28.30
    access-list 104 permit ip host 10.150.82.73 host 192.168.28.31
    access-list 104 permit ip host 10.150.82.43 host 192.168.28.30
    access-list 104 permit ip host 10.150.82.43 host 192.168.28.31
    access-list 104 permit udp host 67.159.45.250 host 109.68.238.175 eq non500-isakmp
    access-list 104 permit udp host 67.159.45.250 host 109.68.238.175 eq isakmp
    access-list 104 permit esp host 67.159.45.250 host 109.68.238.175
    access-list 104 permit ahp host 67.159.45.250 host 109.68.238.175
    access-list 104 permit icmp any any
    access-list 104 permit esp any host 67.159.45.250
    access-list 104 permit udp any host 67.159.45.250 eq non500-isakmp
    access-list 104 permit udp any host 67.159.45.250 eq isakmp
    access-list 104 permit ahp any host 67.159.45.250
    Please show me where the problem is in my configs. I tried to change my config several times but the problem still exists.

    Nik
    As far as I know the technically correct answer to your question is Yes you can configure a crypto map on the inside interface. But it leads to a question of why would you want to do that? The function of the crypto map is to provide IPSec protection services to traffic passing through that interface. Why would you want IPSec on traffic going through your inside interface?
    I am also puzzled by the partial config that you posted. Why do you have the internal "private" network and the Internet reachable network as primary and secondary on the same interface?
    HTH
    Rick

  • CX Module failed after reload

    Hi there!
    I do know if it is some kind of bug, but all the time after reload the CX module all things stop work, regardless of what form do I reset the module.
    I already tried to access the module and reload, tried to stop services with "services stop" command and after that "reload", tried to shutdown using ASA commands and reload it from ASA... every time I reload, when the module comes back all services start perfectly, like the example below:
    spcx02>show services status
    ============================================================
    Process           | PID   | Up    | Up Time
    ============================================================
    AD Interface      | 6284  | True  | 05:03:03
    Message Nameserver| 6022  | True  | 05:03:59
    HTTP Auth Daemon  | 6094  | True  | 05:03:58
    PDTS              | 6073  | True  | 05:03:59
    HTTP Inspector    | 6193  | True  | 05:03:37
    HTTP Server       | 5972  | True  | 05:03:59
    Data Plane        | 6270  | True  | 05:03:06
    Management Plane  | 6115  | True  | 05:03:45
    HPM Monitor       | 6289  | True  | 05:03:03
    Updater           | 6399  | True  | 05:02:52
    Card Manager      | 5930  | True  | 05:03:59
    ARP Daemon        | 6089  | True  | 05:03:58
    Event Server      | 6133  | True  | 05:03:41
    TLS Proxy         | 6204  | True  | 05:03:37
    ============================================================
    spcx02>show ver
    Cisco ASA CX Platform 9.1.2 (42)
    Cisco Prime Security Manager 9.1.2 (42) for spcx02 firewall
    spcx02>
    I can even access the GUI using my browser, but all authentication with CDA or AD that was working correctly before boot shows the error:
    "Connection failed with error: Could not connect to virtual directory interface."
    Everytime I reload I must reinstall the entire module and reconfigure everything. Anyone know if this is a bug that crashes the database or something like this?
    Regards,
    Rodrigo Alves

    Ah, I forgot to write down that after reload the module and it come back it stop all traffic passing through the firewall and I must remove the policy-map configuration:
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect rsh
      inspect rtsp
      inspect sqlnet
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect h323 h225
      inspect h323 ras
      inspect skinny 
    class class-default
      cxsc fail-open auth-proxy

  • Site to Site VPN working without Crypto Map (ASA 8.2(1))

    Hi All,
    Found a strange situation on our ASA5540 firewall :
    We have a couple of Site to Site VPNs and also enable client VPN on the ASA, all are working fine. But found a Site to Site VPN is up and running without crypto map configuration. Is it possible ?
    I tried to clear isa sa and clear ipsec sa then the VPN came up again. Also tested it's pingable to remote site thru the VPN.
    I did see there is tunnel-group config for the VPN but didn't see any crypto map and ACL.
    How does Firewall know which traffic need be encrypted to this VPN tunnel without crypto map?
    Is it the bug ?
    Thanks in advance,

    It might be an easy vpn setup.
    Could you post a running config output remove any sensitive info.  This could help us answer your question more exactly.

  • IPhoto will not open even after reload

    I have removed iPhoto and reloaded from disc. Still getting the same error message. I am basically pretty frustrated at this point, any ideas?
    Interval Since Last Report: 13374 sec
    Crashes Since Last Report: 8
    Per-App Crashes Since Last Report: 8
    Anonymous UUID: 41254D60-DDE4-4A37-A55C-DB4E70D14C3F
    Exception Type: EXC_BREAKPOINT (SIGTRAP)
    Exception Codes: 0x0000000000000002, 0x0000000000000000
    Crashed Thread: 0
    Dyld Error Message:
    Library not loaded: /System/Library/PrivateFrameworks/iLifeSlideshow.framework/Versions/A/Frameworks/iLifeSlideshowProducer.framework/Versions/A/iLifeSlideshowProducer
    Referenced from: /System/Library/PrivateFrameworks/iLifeSlideshow.framework/Versions/A/iLifeSlideshow
    Reason: no suitable image found. Did find:
    /System/Library/PrivateFrameworks/iLifeSlideshow.framework/Versions/A/Frameworks/iLifeSlideshowProducer.framework/Versions/A/iLifeSlideshowProducer:
    stat() failed with errno=5=

    I am at my wits' end with iPhoto error messages and inability to reload it. It has worked fine until yesterday when I started getting the library not loaded error message. I deleted the app, removed the pkg files from HD/Library/Receipts and reloaded the app from my iLife CD as suggested. I have done this 6 times without success and continue to receive the same error message. During reinstall it runs for a long time saying loading packages. After reload there are no new pkg files in the HD/Library/Receipts location. I do not know what to do next . . . I am open to any assistance.

  • Why does my Power MAC G4 keep restarting itself after I shut it down?

    Hi,
    Thanks for reading this.
    Why does my Power MAC G4 keep restarting itself after I shut it down?
    This JUST started happening only 4 days ago.
    Most recent installation was Limewire, but I removed it to see if this problem would go away.
    I have 3 internal drives (See drive types below) that all have OS 10 on them in order to be able to boot up from either drive in the event of trouble.
    However...
    No matter WHICH drive I use as the start up drive... the computer STILL restarts itself after it is properly commanded to shut down.
    Prior to the Limewire install... the ADOBE creative suite was installed.
    There is a Lexmark X83 printer hooked to the computer, which, it seems doesn't matter if it is left on or off... the computer still restarts itself.
    Any ideas?
    Thanks!
    PowerMAC G4(2002 Quicksilver)   Mac OS X (10.4.5)   2 Seagate SATA 250GB drives, 80 GB Seagate ATA drive, Digital Performer 4.6

    Hi, Tommy!
    If you still have problems, trash the following three preference files, then shut down and do a PMU reset. (PMU reset procedure for the QS is the same as is shown at the link for the Gigabit Ethernet.)
    HD/Library/Preferences/SystemConfiguration/com.apple.AutoWake.plist
    HD/Library/Preferences/SystemConfiguration/com.apple.PowerManagement.plist
    User/Library/Preferences/com.apple.systemuiserver.plist
    Gary
    1GHz DP G4 Quicksilver 2002, 400MHz B&W rev.2 G3, Mac SE30   Mac OS X (10.4.5)   5G iPod, Epson 2200 & R300 & LW Select 360 Printers, Epson 3200 Scanner

  • Hello there, am new here and very stressed, i have an Imac core i3 which is logging off itself after a few seconds of login, it goes back to the login menu where i put the password. I have tried to repair the os but my pioneer rom is not reading the disk.

    Hello there, am new here and very stressed, I have an iMac core i3 which is logging off itself after a few seconds of login, it goes back to the login menu where I put the password. I have tried to repair the OS but my pioneer rom is not reading the disk. I press the "c" button on startup but it's not picking up the disk in the rom, I have tried to put the disk in an external rom but same answer, am starting to think that my OS disk is bad. Please help me.

    Please read this whole message before doing anything.
    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
    The purpose of this exercise is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login. Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode* and log in to the account with the problem. The instructions provided by Apple are as follows:
    Be sure your Mac is shut down.
    Press the power button.
    Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone.
    Release the Shift key when you see the gray Apple icon and the progress indicator (looks like a spinning gear).
    *Note: If FileVault is enabled under Mac OS X 10.7 or later, or if a firmware password is set, you can’t boot in safe mode.
    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.
    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
    Test while in safe mode. Same problem(s)?
    After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

  • ITunes reopens itself after closing

    Greetings,
    Since version 5 I and many others whom I know cannot close iTunes. It closes then immediately re-opens itself. Even using Task Manager to close it, it simply re-opens itself again, and in the end the only way to close iTunes is to re-boot the computer.
    I have sent Apple about 50 emails with regard to this problem, as have many other people I know, but none of us has ever received a reply.
    I believe this is a common problem.
    I have managed to ascertain that the first opening of iTunes uses the path C:\Programs\iTunes, but that all automatic re-openings thereafter carry a suffix: C:\Programs\iTunes\ -embedding.
    I have disabled all my security software and the problem persists.
    Please does anybody know how to resolve this problem?
    Thank you,
    nippauls

    PROBLEM RESOLVED!
    Here is what I did and it has fixed the issue of iTunes continually re-opening itself after closing with reference to DCOM and embedding.
    I disabled DrWatson by editing the following registry key from 1 to 0:
    HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\AeDebug = 0
    I disabled DCOM by editing the following registry key from Y to N:
    HKLM\SOFTWARE\Microsoft\OLE\EnableDCOM = N
    Then I restarted the computer.
    Then, using Control Panel, I removed iTunes and restarted.
    Then I went to C:\Programs and deleted EVERY folder relating to iTunes and iPod. If a folder refuses to be deleted, open Task Manager and terminate the relevant iPod process then it will be possible to delete the folder.
    I then cleared my Prefetch folder, temp folder, and then recycle bin.
    I restarted the computer, and re-installed iTunes.
    PROBLEM RESOLVED
    Hope this helps other users with similar problems.
    nippauls

  • Converting crypto map to unnumbered VTI

    I'm trying to convert a crypto map VPN to an ip unnumbered VTI. The crypto map has been working for months. The VTI... not so much. Here are the applicable config entries.
    ### original config
    crypto isakmp policy 30
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key xxxxxxxx address 10.1.1.10
    crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
    crypto map CRYPTO 50 ipsec-isakmp
    set peer 10.1.1.10
    set transform-set 3DES-SHA
    set pfs group2
    match address VPN1
    ip access-list extended VPN1
    permit ip host 172.16.16.10 host 10.5.5.1
    permit ip host 172.16.16.10 host 10.5.5.4
    I only removed the crypto map and added the following.
    ### New Config
    crypto ipsec profile V1
    set security-association lifetime seconds 28800
    set transform-set 3DES-SHA
    set pfs group2
    interface Tunnel0
    ip unnumbered FastEthernet0/0
    ip nat outside
    ip virtual-reassembly
    tunnel source 172.16.8.1
    tunnel destination 10.1.1.10
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile V1
    I keep getting this ISAKMP error now.
    ISAKMP:(0:54:HW:2):deleting SA reason "Recevied fatal informational" state (I) QM_IDLE (peer 10.1.1.10)
    Any help would be greatly appreciated. Also... I have no idea what is running on the other end (it's a partner network), but I suspect it's a crypto map on IOS.
    Thank you!

    Access-lists, FW (ZBF, CBAC) and all other features work on SVTI same way they would work on a physical or other logical interfaces (with very few exceptions). 

  • VPN used loopback counts +1 after reload

    Hi *,
    We have a Cisco 886 router with an IOS 15.X. 
    The VPN Tunnel is built on a loopback (lo10000) interface of the VPN tunnel.
    At the same time the loopback interface is the Source interface for TACACS, Logging & SNMP.
    Everything works beautifully. 
    However, if you make a reload, the tunnel uses the next free loopback interface -> for example loopback interface 10001 ... with every reload the loopback address is incremented by one number. This confuses the rest of the configuration (TACACS, SNMP, etc.), which therefore no longer works.
    Does anyone have an idea what the problem is?
    Thanks in advance!

    Is this a Gre over IPsec tunnel or is it a Crypto map based tunnel ?

  • "Crypto map" to inside/internal interface. Possible?

    Hi, I have two routers on a point to point VPN where the "Crypto Map" statement is assigned to the external interface as normal. This works fine but I need each router to present a different IP address to that of the external interface.
    For example:
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    lifetime 3600
    crypto isakmp key privatekey address 4.4.4.4 no-xauth
    crypto ipsec transform-set 3des esp-3des esp-sha-hmac
    crypto map VPN 1 ipsec-isakmp
    set peer 4.4.4.4
    set transform-set 3des
    match address vpn
    interface FastEthernet0/0
    ip address 4.4.4.4 255.255.255.252
    ip nat outside
    ip virtual-reassembly
    speed 10
    full-duplex
    no cdp enable
    crypto map VPN
    interface FastEthernet0/1
    ip address 8.8.8.8 255.255.255.248
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    Instead of the "4.4.4.4" being presented to the other side of the VPN, I need the 8.8.8.8 to be presented. I've tried just changing the Crypto statements as below but it still presents the 4.4.4.4, probably due to the interface the Crypto map is applied to.
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    lifetime 3600
    crypto isakmp key privatekey address 8.8.8.8 no-xauth
    crypto ipsec transform-set 3des esp-3des esp-sha-hmac
    crypto map VPN 1 ipsec-isakmp
    set peer 8.8.8.8
    set transform-set 3des
    match address vpn
    How can I make sure that 8.8.8.8 is what's presented at the other end?
    Thanks
    Andy

    Hi Andy,
    I would suggest the following command:
    crypto map local-address
    http://tools.cisco.com/squish/9c85B
    To specify and name an identifying interface to be used by the crypto map for IPSec traffic, use the crypto map local-address command in global configuration mode. To remove this command from the configuration, use the no form of this command.
    crypto map map-name local-address interface-id
    no crypto map map-name local-address
    Example:
    interface loopback0
         ip address 4.2.2.2 255.255.255.252
    crypto map mymap local-address loopback0
    interface S0
          crypto map mymap
    Of course you need to make sure the remote end can reach this additional IP address.
    Let me know if you have any questions.
    Please rate any post that you find useful.
