[c-nsp] IPSEC
Robert Crowe
rwcrowe at comcast.net
Wed Aug 11 19:03:02 EDT 2004
Looks fine to me.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Hotmail
Sent: Wednesday, August 11, 2004 6:19 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] IPSEC
Hi All IPSEC experts,
Would it be possible to run two IPSEC connections from a single router, one
in transport mode and one in tunnel mode? I think I can only have one crypto
map command on my external interface(3640).
Is it possible to have something like below?
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key xxxxxx address 10.10.10.10
crypto ipsec transform-set zzzz esp-des esp-md5-hmac
crypto isakmp key aaaaaa address 20.20.20.20
crypto ipsec transform-set bbbb esp-des esp-md5-hmac
crypto map CRYPTOMAP 1 ipsec-isakmp
set peer 10.10.10.10
set transform-set zzzz
match address 110
crypto map CRYPTOMAP 2 ipsec-isakmp
set peer 20.20.20.20
set transform-set bbbb
match address 120
set pfs group2
interface Tunnel0
ip unnumbered <external interface>
tunnel source <external interface>
tunnel destination 20.20.20.20
crypto map CRYPTOMAP
interface Serial0/0:0.10
crypto map CRYPTOMAP
ip route << RANGE >> Tunnel 0
Best Regards
Ivan
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list