[c-nsp] 2800 for VPN Server site-to-site and remote access

Everton Diniz notrevebr at gmail.com
Mon Jul 7 15:08:35 EDT 2008 

Andrew,


Great!!!
Tks for good information.



On 7/7/08, Tolstykh, Andrew <ATolstykh at integrysgroup.com> wrote:
> Use multiple statements within a single crypto map configuration:
>
> crypto map iosvpn 5 ipsec-isakmp
>  set peer X.X.X.X
>  set security-association lifetime seconds 28800
>  set transform-set aes-sha
>  match address vpn_XXXgard5
>  reverse-route
> crypto map iosvpn 15 ipsec-isakmp
>  set peer X.X.X.X
>  set security-association lifetime seconds 28800
>  set transform-set aes-sha
>  match address vpn_XXXgard15
>  reverse-route
> crypto map iosvpn 25 ipsec-isakmp
>  set peer X.X.X.X
>  set security-association lifetime seconds 28800
>  set transform-set aes-sha
>  match address vpn_XXXgard25
>  reverse-route
> crypto map iosvpn 35 ipsec-isakmp
>  set peer X.X.X.X
>  set security-association lifetime seconds 28800
>  set transform-set aes-sha
>  match address vpn_XXXgard35
>  reverse-route
> crypto map iosvpn 100 ipsec-isakmp dynamic dyn
>
>
> On 7/7/08 10:52 AM, "Ge Moua" <moua0100 at umn.edu> wrote:
>
> > Yes, use subinterfaces:
> > interface GigabitEthernet0/0.1
> > interface GigabitEthernet0/0.2
> > interface GigabitEthernet0/0.3
> > ++
> >
> > Then attach different crypto-map per sub-interface.  We are doing this.
> >
> > Regards,
> > Ge Moua | Email: moua0100 at umn.edu
> >
> > Network Design Engineer
> > University of Minnesota | Networking & Telecommunications Services
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Everton Diniz
> > Sent: Monday, July 07, 2008 9:46 AM
> > To: cisco-nsp
> > Subject: [c-nsp] 2800 for VPN Server site-to-site and remote access
> >
> > Hi all,
> >
> > Is it possible to use 2821 for vpn concentrator doing both site-to-site and
> > remote access connections in only one interface?
> >
> > Hi have 2 crypto map´s, but the interface accept only one.
> >
> > crypto dynamic-map vpnmap 10
> >  set transform-set transfervpn
> >  reverse-route
> >
> > crypto map L2L 11 ipsec-isakmp
> >  set peer 200.200.200.1
> >  set peer 200.200.201.1
> >  set transform-set L2L
> >  match address 120
> >
> > interface GigabitEthernet0/0
> >  ip address 200.100.100.1 255.255.254.0
> >  duplex auto
> >  speed auto
> >  crypto map onsaescom
> > end
> >
> > Anybody use the 2800 for this purpose?
> >
> > Tks all.
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.  If you received this in error, please contact the sender and delete the material from any computer.
>
>

More information about the cisco-nsp mailing list