[c-nsp] 2800 for VPN Server site-to-site and remote
Nic Passmore
nic.passmore at gmail.com
Mon Jul 7 20:14:13 EDT 2008
Am having a similiar problem here. I find when I apply the dynamic map at
the end of the crypto map that is applied to the interface, the existing
site to site tunnels do not come up.
Haven't had a chance to do any actual diagnostics yet this morning, but was
under the impression it might have something to do with the following
configuration line:
crypto map somemap client configuration address respond
Anyone have any tips?
Cheers,
Nic.
--------------------------------------------
Message: 2
Date: Mon, 07 Jul 2008 12:55:45 -0500
From: "Tolstykh, Andrew" <ATolstykh at integrysgroup.com>
Subject: Re: [c-nsp] 2800 for VPN Server site-to-site and remote
access
To: <moua0100 at umn.edu>, "'Everton Diniz'" <notrevebr at gmail.com>,
"'cisco-nsp'" <cisco-nsp at puck.nether.net>
Message-ID: <C497C2D1.50A3%ATolstykh at integrysgroup.com<C497C2D1.50A3%25ATolstykh at integrysgroup.com>
>
Content-Type: text/plain; charset="iso-8859-1"
Use multiple statements within a single crypto map configuration:
crypto map iosvpn 5 ipsec-isakmp
set peer X.X.X.X
set security-association lifetime seconds 28800
set transform-set aes-sha
match address vpn_XXXgard5
reverse-route
crypto map iosvpn 15 ipsec-isakmp
set peer X.X.X.X
set security-association lifetime seconds 28800
set transform-set aes-sha
match address vpn_XXXgard15
reverse-route
crypto map iosvpn 25 ipsec-isakmp
set peer X.X.X.X
set security-association lifetime seconds 28800
set transform-set aes-sha
match address vpn_XXXgard25
reverse-route
crypto map iosvpn 35 ipsec-isakmp
set peer X.X.X.X
set security-association lifetime seconds 28800
set transform-set aes-sha
match address vpn_XXXgard35
reverse-route
crypto map iosvpn 100 ipsec-isakmp dynamic dyn
More information about the cisco-nsp
mailing list