I need to create a 2nd site to site VPN to a JUNIPER device.
Here is the existing VPN config:
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map Outside_map 20 match address Outside_20_cryptomap
crypto map Outside_map 20 set peer 188.8.131.52
crypto map Outside_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
tunnel-group 184.108.40.206 type ipsec-l2l
tunnel-group 220.127.116.11 ipsec-attributes
what I want to add: I think!
Access-list public remark for HABAND site to site VPN
Access-list public extended permit ip 163.x.x.0 255.255.255.0 10.16.0.0 255.255.0.0
Crypto ipsec transform-set mine esp-3des esp-sha-hmac
Crypto map Outside-map 10 ipsec-isakmp
Crypto map Outside-map 10 match address 105
Crypto map Outside-map 10 set peer 18.104.22.168
Crypto map Outside-map 10 set transform-set nsset
Crypto map Outside-map interface Outside
Crypto Isakmp enable Outside
Crypto isakmp policy 15
Isakmp kkey ****
address 22.214.171.124 Netmask 255.255.255.255
authentication pre share
static (Inside,Outside) 126.96.36.199 10.16.0.0 netmask 255.255.0.0
1st, do I just need the 2nd policy because the interface is already defined?
I have a NAT statment, but I really want PAT, is it still ok?