[c-nsp] Cisco IPSEC Configuration
Christopher J. Wargaski
wargo1 at gmail.com
Thu Dec 16 19:55:38 EST 2010
Hello Shake--

There is no problem having several tunnels on the same interface;
however, they must be in the same crypto map. Here is an example:

crypto map L2L-map 1 ipsec-isakmp
 description RMS test
 set peer 11.22.33.44
 set security-association lifetime seconds 86400
 set transform-set ESP-AES-256-MD5
 match address RMS
crypto map L2L-map 2 ipsec-isakmp
 description Chicago DC
 set peer 66.77.88.99
 set security-association lifetime seconds 86400
 set transform-set ESP-AES-256-MD5
 match address Chicago
crypto map L2L-map 3 ipsec-isakmp
 description Regina HQ
 set peer 66.44.55.22
 set security-association lifetime seconds 86400
 set transform-set ESP-AES-256-MD5
 match address Regina-HQ
...
interface GigabitEthernet0/0
 description Internet - Outside
 ip address 33.44.55.66 255.255.255.0
 ip access-group autosec_firewall_acl in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect autosec_inspect out
 ip policy route-map VPN-PBR-map
 duplex full
 speed 100
 no cdp enable
 no mop enabled
 crypto map L2L-map

Could you post a sanitized copy of your configuration?

cjw

> Date: Thu, 16 Dec 2010 13:55:00 +0300
> From: Righa Shake <righa.shake at gmail.com>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco IPSEC Configuration
> Message-ID:
>        <AANLkTi=_1awiokKo3ZKxg+dzMZBSE9_fungROsamS8f1 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> I am having several IPsec configurations on the same interface on a router.
>
> However, when I run the command
> show crypto session detail, I am only seeing a single session and not
> the other session I am trying to bring up.
>
> What could be the problem?
>
>
> Rgrds,
> Shake
>
>
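
An added example, not part of the original thread or code posted by either participant: a Python check that reads an IOS configuration and lists the tunnels each interface actually carries, plus any crypto map names that have entries but are applied to no interface. IOS accepts one crypto map set per interface, so tunnels defined under a second map name never come up. The sample configuration, map names and addresses are constructed, and the parser assumes plain `ipsec-isakmp` entries.

```python
import re
from collections import defaultdict

# Constructed sample (documentation addresses): two map names, only one applied.
SAMPLE_CONFIG = """\
crypto map RMS-map 1 ipsec-isakmp
 set peer 192.0.2.10
 match address RMS
crypto map CHI-map 1 ipsec-isakmp
 set peer 192.0.2.20
 match address Chicago
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 crypto map RMS-map
"""

ENTRY = re.compile(r"crypto map (\S+) (\d+) ipsec-isakmp")  # map entry header
IFACE = re.compile(r"interface (\S+)")
PEER = re.compile(r"set peer (\S+)")
APPLY = re.compile(r"crypto map (\S+)")  # map applied under an interface


def audit_crypto_maps(config):
    """Return (tunnels per interface, map names applied to no interface)."""
    entries = defaultdict(dict)  # map name -> {sequence number: [peers]}
    applied = {}                 # interface -> map name
    cur_entry = cur_iface = None
    for raw in config.splitlines():
        line = raw.strip()       # indentation is not relied on
        if m := ENTRY.fullmatch(line):
            cur_entry, cur_iface = entries[m[1]].setdefault(int(m[2]), []), None
        elif m := IFACE.fullmatch(line):
            cur_entry, cur_iface = None, m[1]
        elif cur_entry is not None and (m := PEER.fullmatch(line)):
            cur_entry.append(m[1])
        elif cur_iface and (m := APPLY.fullmatch(line)):
            applied[cur_iface] = m[1]
    tunnels = {i: sorted(entries.get(n, {}).items()) for i, n in applied.items()}
    unapplied = sorted(set(entries) - set(applied.values()))
    return tunnels, unapplied


if __name__ == "__main__":
    tunnels, unapplied = audit_crypto_maps(SAMPLE_CONFIG)
    for iface, seqs in tunnels.items():
        print(iface, "carries", seqs)
    for name in unapplied:
        print("crypto map", name, "has entries but is applied to no interface")
```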