I need to create a 2nd site-to-site VPN to a JUNIPER device.
Here is the existing VPN config:
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map Outside_map 20 match address Outside_20_cryptomap
crypto map Outside_map 20 set peer 121.47.181.205
crypto map Outside_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 121.47.181.205 type ipsec-l2l
tunnel-group 121.47.181.205 ipsec-attributes
pre-shared-key *
+++++++++++++++++++++++++++++++++++++
What I want to add: I think!
+++++++++++++++++++++++++++++++++++++
Access-list public remark for HABAND site to site VPN
Access-list public extended permit ip 163.x.x.0 255.255.255.0 10.16.0.0 255.255.0.0
Crypto ipsec transform-set mine esp-3des esp-sha-hmac
Crypto map Outside-map 10 ipsec-isakmp
Crypto map Outside-map 10 match address 105
Crypto map Outside-map 10 set peer 163.48.20.198
Crypto map Outside-map 10 set transform-set nsset
Crypto map Outside-map interface Outside
Crypto Isakmp enable Outside
Crypto isakmp policy 15
Isakmp key **** address 163.48.20.98 netmask 255.255.255.255
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 28800
static (Inside,Outside) 121.129.231.42 10.16.0.0 netmask 255.255.0.0
========================================
1st, do I just need the 2nd policy because the interface is already defined?
I have a NAT statement, but I really want PAT, is it still OK?
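Added example, not part of the original post: a small cross-reference check for crypto map entries, which confirms that every ACL, transform-set and peer an entry names is defined and that only one map name is bound to an interface. It assumes ASA 7.x-style syntax like the existing config above; the `lint` function and the sample config (documentation addresses) are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample config (documentation addresses), not the poster's real one.
SAMPLE = """\
access-list Outside_20_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map Outside_map 20 match address Outside_20_cryptomap
crypto map Outside_map 20 set peer 192.0.2.10
crypto map Outside_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map interface Outside
tunnel-group 192.0.2.10 type ipsec-l2l
access-list public extended permit ip 10.1.0.0 255.255.0.0 10.16.0.0 255.255.0.0
crypto ipsec transform-set mine esp-3des esp-sha-hmac
crypto map Outside-map 10 match address 105
crypto map Outside-map 10 set peer 198.51.100.98
crypto map Outside-map 10 set transform-set nsset
crypto map Outside-map interface Outside
"""

def lint(config):
    """Return findings for dangling references in crypto map entries."""
    acls, tsets, groups = set(), set(), set()
    refs, bound = [], defaultdict(set)   # refs: (map, seq, kind, name)
    for line in config.splitlines():
        w = line.split()
        kw = [x.lower() for x in w]      # match keywords in any case, names exactly
        if kw[:1] == ["access-list"] and len(w) > 1:
            acls.add(w[1])
        elif kw[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 3:
            tsets.add(w[3])
        elif kw[:1] == ["tunnel-group"] and kw[2:4] == ["type", "ipsec-l2l"]:
            groups.add(w[1])
        elif kw[:2] == ["crypto", "map"] and len(w) == 5 and kw[3] == "interface":
            bound[w[4]].add(w[2])
        elif kw[:2] == ["crypto", "map"] and len(w) >= 7 and kw[4] in ("match", "set"):
            refs.append((w[2], w[3], kw[5], w[6]))
    defined = {"address": ("access-list", acls), "peer": ("tunnel-group", groups),
               "transform-set": ("transform-set", tsets)}
    out = [f"{m} {s}: no {defined[k][0]} '{n}'"
           for m, s, k, n in refs if k in defined and n not in defined[k][1]]
    # An ASA interface holds one crypto map set; a second name replaces the first.
    out += [f"interface {i}: maps {sorted(ms)} compete for one binding"
            for i, ms in bound.items() if len(ms) > 1]
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
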