Creating two tunnels between a pair of routers

Unanswered Question
Jul 26th, 2007

I am trying to configure a pair of ipsec tunnels between two routers for testing purposes. I'd appreciate any insight. I've attempted vti, secondary addresses, etc, to no avail.

Routers are 2851 ISR's with the AIM and IOS 12.4(15)T

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mattiaseriksson Thu, 07/26/2007 - 15:34

Hi, there are many examples and guides on cisco.com. You can start there and then try to be a little more specific in your question.

A very basic example:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008073e078.shtml

Another basic example with NAT:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

I hope that helps you to get get started.

jrahm Fri, 07/27/2007 - 04:09

I agree that there are plenty of examples for creating a single tunnel between two routers, and I have experience with this. My goal is creating dual tunnels between two routers. Thanks for the effort.

mattiaseriksson Fri, 07/27/2007 - 04:30

Why do you want to do that? Between dfferent interfaces you mean? In that case it is not much different from one tunnel.

In any case I recommend to use encrypted gre tunnels, as you may want to run some kind of routing protocol over the tunnels. It also scales much better.

jrahm Fri, 07/27/2007 - 06:02

I don't need the function or overhead of gre. I am evaluating the ISR performance for ipsec and I have almost zero ipsec hardware in the lab. I only have 1 other router with at/greater hardware specifications as the device under test, so I was attempting the multiple tunnel approach to compare the performance specs of 1 tunnel on the DUT versus 10,20,30,etc tunnels.

mattiaseriksson Sat, 07/28/2007 - 05:12

Just add lots of networks to each side, you will end up with many SA:s, which is virtually the same as multiple "tunnels".

Actions

This Discussion