[c-nsp] Cisco IPSEC Configuration
Gert Doering
gert at greenie.muc.de
Fri Dec 17 07:44:34 EST 2010
Hi,
On Fri, Dec 17, 2010 at 03:33:30PM +0300, Righa Shake wrote:
> crypto map MYCRYPTOMAP 10 ipsec-isakmp
> set peer X.X.X.X
> set transform-set MYCRYPTO1
> match address VPNTRAFF
> crypto map MYCRYPTOMAP 20 ipsec-isakmp
> set peer Y.Y.Y.Y
> set transform-set MYCRYPTO2
> match address VPNTRAFF
> crypto map MYCRYPTOMAP 30 ipsec-isakmp
> set peer Z.Z.Z.Z
> set transform-set MYCRYPTO2
> match address VPNTRAFF
Since the "match address" block is the same, there's no reason why the
router should establish SAs to Y and Z.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20101217/be75af48/attachment.bin>
More information about the cisco-nsp
mailing list