[c-nsp] IPSEC Hub and Spoke - Single crypto profile, Multiple dynamic-map
ar
ar_djp at yahoo.com
Tue Jul 10 19:43:56 EDT 2012
Hi.
I am trying to setup a dynamic IPSEC remote access for MPLS VPNs.
Setup is;
- one 7200 as VPN concentrator
- mulitple remote CPE connected via 3G Internet doing IPSEC with the concentrator
Objective is:
- Remote CPE LAN to another remote CPE LAN traffic
My config is a single Phase 1, but mulitple Phase 2.
Is it possible to have inter-site traffic via the hub using the same IPSEC tunnel?
Or it has to be different tunnel per site?
VPN Concentrator Config:
crypto keyring custC-key vrf FVRF-C
pre-shared-key address 0.0.0.0 0.0.0.0 key customerC
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp profile custC-profile
vrf VRF-C
keyring custC-key
match identity address 0.0.0.0 FVRF-C
crypto dynamic-map custC-map 10
set transform-set IPSEC
set isakmp-profile custC-profile
match address 104
crypto dynamic-map custC-map 20
set transform-set IPSEC
set isakmp-profile custC-profile
match address 105
crypto dynamic-map custC-map 30
set transform-set IPSEC
set isakmp-profile custC-profile
match address 106
crypto dynamic-map custC-map 40
set transform-set IPSEC
set isakmp-profile custC-profile
match address 108
crypto dynamic-map custC-map 50
set transform-set IPSEC
set isakmp-profile custC-profile
match address 109
Comments?
thanks
More information about the cisco-nsp
mailing list