[c-nsp] IPSEC

Robert Crowe rwcrowe at comcast.net
Wed Aug 11 19:03:02 EDT 2004


Looks fine to me.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Hotmail
Sent: Wednesday, August 11, 2004 6:19 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] IPSEC

Hi All IPSEC experts,

Would it be possible to run two IPSEC connections from a single router, one
in transport mode and one in tunnel mode? I think I can only have one crypto
map command on my external interface (3640).
Is it possible to have something like below?

crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2

crypto isakmp key xxxxxx address 10.10.10.10
crypto ipsec transform-set zzzz esp-des esp-md5-hmac

crypto isakmp key aaaaaa address 20.20.20.20
crypto ipsec transform-set bbbb esp-des esp-md5-hmac

crypto map CRYPTOMAP 1 ipsec-isakmp
 set peer 10.10.10.10
 set transform-set zzzz
 match address 110

crypto map CRYPTOMAP 2 ipsec-isakmp
 set peer 20.20.20.20
 set transform-set bbbb
 match address 120
 set pfs group2

interface Tunnel0
 ip unnumbered <external interface>
 tunnel source <external interface>
 tunnel destination 20.20.20.20
 crypto map CRYPTOMAP

interface Serial0/0:0.10
 crypto map CRYPTOMAP

ip route << RANGE >> Tunnel 0

Best Regards
Ivan
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
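
Added example, not part of the original thread: a small Python parser that resolves each sequence entry of the crypto map in the posted configuration to its peer, ACL and effective IPsec mode, relying on the IOS behaviour that a transform set is tunnel mode unless a `mode transport` line is configured under it. The names `summarize`, `SUBCMDS` and `SAMPLE` are invented for this example, and the sample input is the post's configuration re-typed without the `<external interface>` placeholder lines.

```python
import re

# Constructed input: the post's crypto map configuration, placeholder lines omitted.
SAMPLE = """\
crypto ipsec transform-set zzzz esp-des esp-md5-hmac
crypto ipsec transform-set bbbb esp-des esp-md5-hmac
crypto map CRYPTOMAP 1 ipsec-isakmp
 set peer 10.10.10.10
 set transform-set zzzz
 match address 110
crypto map CRYPTOMAP 2 ipsec-isakmp
 set peer 20.20.20.20
 set transform-set bbbb
 match address 120
 set pfs group2
interface Tunnel0
 crypto map CRYPTOMAP
interface Serial0/0:0.10
 crypto map CRYPTOMAP
"""

# Sub-commands of a crypto map entry that this example records.
SUBCMDS = {"peer": r"set peer (\S+)", "ts": r"set transform-set (\S+)",
           "acl": r"match address (\S+)"}

def summarize(config):
    """Return (entries, bindings); each entry carries its resolved IPsec mode."""
    modes, entries, bindings, ctx = {}, [], {}, (None, None)
    for line in (l.strip() for l in config.splitlines()):  # indentation is ignored
        if m := re.match(r"crypto ipsec transform-set (\S+)", line):
            modes[m[1]] = "tunnel"          # IOS default when no 'mode' line follows
            ctx = ("ts", m[1])
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            ctx = ("map", {"map": m[1], "seq": int(m[2])})
            entries.append(ctx[1])
        elif m := re.match(r"interface (\S+)", line):
            ctx = ("if", m[1])
        elif ctx[0] == "ts" and (m := re.match(r"mode (transport|tunnel)", line)):
            modes[ctx[1]] = m[1]
        elif ctx[0] == "map":
            for key, pat in SUBCMDS.items():
                if m := re.match(pat, line):
                    ctx[1][key] = m[1]
        elif ctx[0] == "if" and (m := re.match(r"crypto map (\S+)$", line)):
            bindings.setdefault(m[1], []).append(ctx[1])
    for e in entries:                        # resolved last, so definition order is free
        e["mode"] = modes.get(e.get("ts"), "undefined transform-set")
    return entries, bindings

if __name__ == "__main__":
    entries, bindings = summarize(SAMPLE)
    for e in entries:
        print(e["map"], e["seq"], e.get("peer"), e.get("acl"), e["mode"])
    print(bindings)
```

Run against the configuration as posted, both sequence entries resolve to tunnel mode, because neither transform set carries a `mode transport` line.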


