Creating two tunnels between a pair of routers

Unanswered Question
Jul 26th, 2007
User Badges:

I am trying to configure a pair of ipsec tunnels between two routers for testing purposes. I'd appreciate any insight. I've attempted vti, secondary addresses, etc, to no avail.

Routers are 2851 ISR's with the AIM and IOS 12.4(15)T

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mattiaseriksson Thu, 07/26/2007 - 15:34
User Badges:
  • Bronze, 100 points or more

Hi, there are many examples and guides on You can start there and then try to be a little more specific in your question.

A very basic example:

Another basic example with NAT:

I hope that helps you to get get started.

jrahm Fri, 07/27/2007 - 04:09
User Badges:

I agree that there are plenty of examples for creating a single tunnel between two routers, and I have experience with this. My goal is creating dual tunnels between two routers. Thanks for the effort.

mattiaseriksson Fri, 07/27/2007 - 04:30
User Badges:
  • Bronze, 100 points or more

Why do you want to do that? Between dfferent interfaces you mean? In that case it is not much different from one tunnel.

In any case I recommend to use encrypted gre tunnels, as you may want to run some kind of routing protocol over the tunnels. It also scales much better.

jrahm Fri, 07/27/2007 - 06:02
User Badges:

I don't need the function or overhead of gre. I am evaluating the ISR performance for ipsec and I have almost zero ipsec hardware in the lab. I only have 1 other router with at/greater hardware specifications as the device under test, so I was attempting the multiple tunnel approach to compare the performance specs of 1 tunnel on the DUT versus 10,20,30,etc tunnels.

mattiaseriksson Sat, 07/28/2007 - 05:12
User Badges:
  • Bronze, 100 points or more

Just add lots of networks to each side, you will end up with many SA:s, which is virtually the same as multiple "tunnels".


This Discussion