[c-nsp] 2800 for VPN Server site-to-site and remote access

[Tolstykh, Andrew]

Use multiple statements within a single crypto map configuration:

crypto map iosvpn 5 ipsec-isakmp
 set peer X.X.X.X
 set security-association lifetime seconds 28800
 set transform-set aes-sha
 match address vpn_XXXgard5
 reverse-route
crypto map iosvpn 15 ipsec-isakmp
 set peer X.X.X.X
 set security-association lifetime seconds 28800
 set transform-set aes-sha
 match address vpn_XXXgard15
 reverse-route
crypto map iosvpn 25 ipsec-isakmp
 set peer X.X.X.X
 set security-association lifetime seconds 28800
 set transform-set aes-sha
 match address vpn_XXXgard25
 reverse-route
crypto map iosvpn 35 ipsec-isakmp
 set peer X.X.X.X
 set security-association lifetime seconds 28800
 set transform-set aes-sha
 match address vpn_XXXgard35
 reverse-route
crypto map iosvpn 100 ipsec-isakmp dynamic dyn


On 7/7/08 10:52 AM, "Ge Moua" <moua0100 at umn.edu> wrote:

> Yes, use subinterfaces:
> interface GigabitEthernet0/0.1
> interface GigabitEthernet0/0.2
> interface GigabitEthernet0/0.3
> ++
> 
> Then attach different crypto-map per sub-interface.  We are doing this.
> 
> Regards,
> Ge Moua | Email: moua0100 at umn.edu
> 
> Network Design Engineer
> University of Minnesota | Networking & Telecommunications Services
>  
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Everton Diniz
> Sent: Monday, July 07, 2008 9:46 AM
> To: cisco-nsp
> Subject: [c-nsp] 2800 for VPN Server site-to-site and remote access
> 
> Hi all,
> 
> Is it possible to use 2821 for vpn concentrator doing both site-to-site and
> remote access connections in only one interface?
> 
> Hi have 2 crypto map´s, but the interface accept only one.
> 
> crypto dynamic-map vpnmap 10
>  set transform-set transfervpn
>  reverse-route
> 
> crypto map L2L 11 ipsec-isakmp
>  set peer 200.200.200.1
>  set peer 200.200.201.1
>  set transform-set L2L
>  match address 120
> 
> interface GigabitEthernet0/0
>  ip address 200.100.100.1 255.255.254.0
>  duplex auto
>  speed auto
>  crypto map onsaescom
> end
> 
> Anybody use the 2800 for this purpose?
> 
> Tks all.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


 
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.  If you received this in error, please contact the sender and delete the material from any computer.