[c-nsp] IPSEC
Hotmail
marak_marak at hotmail.com
Wed Aug 11 18:19:10 EDT 2004
Hi All IPSEC experts,
Would it be possible to run two IPSEC connections from a single router, one
in transport mode and one in tunnel mode? I think I can only have one crypto
map command on my external interface(3640).
Is it possible to have something like below?
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key xxxxxx address 10.10.10.10
crypto ipsec transform-set zzzz esp-des esp-md5-hmac
crypto isakmp key aaaaaa address 20.20.20.20
crypto ipsec transform-set bbbb esp-des esp-md5-hmac
crypto map CRYPTOMAP 1 ipsec-isakmp
set peer 10.10.10.10
set transform-set zzzz
match address 110
crypto map CRYPTOMAP 2 ipsec-isakmp
set peer 20.20.20.20
set transform-set bbbb
match address 120
set pfs group2
interface Tunnel0
ip unnumbered <external interface>
tunnel source <external interface>
tunnel destination 20.20.20.20
crypto map CRYPTOMAP
interface Serial0/0:0.10
crypto map CRYPTOMAP
ip route << RANGE >> Tunnel 0
Best Regards
Ivan
More information about the cisco-nsp
mailing list