Crypto map question

Mar 10th, 2008
Hi

I have 2 crypto maps defined on my PIX. Traffic of my first crypto map goes to tunnel 1 and traffic of my second interface goes to tunnel 2.

I can't apply both commands, crypto map CCS interface outside and crypto map PLC interface outside.

I am able to apply only one.

What can I do to use both crypto maps?


crypto ipsec transform-set my_PLC esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 86400
crypto map PLC 30 ipsec-isakmp
crypto map PLC 30 match address PLC
crypto map PLC 30 set peer 10.10.10.1
crypto map PLC 30 set transform-set my_PLC
crypto map PLC interface outside
isakmp key ******* address 10.10.10.1 netmask 255.255.255.255
isakmp identity address
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400

crypto ipsec transform-set my_ccs esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 86400
crypto map CCS 20 ipsec-isakmp
crypto map CCS 20 match address CCS
crypto map CCS 20 set peer 20.20.20.1
crypto map CCS 20 set transform-set my_ccs
crypto map CCS interface outside
isakmp key ****** address 20.20.20.1 netmask 255.255.255.255
isakmp identity address
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400

Overall Rating: 4 (1 ratings)
wasiimcisco Mon, 03/10/2008 - 07:19
Only one crypto map can be applied to an interface, and only in one direction. But one map can contain multiple profiles with different sequence numbers.


You have to make:

crypto map PLC 30 ipsec-isakmp
crypto map PLC 30 match address PLC
crypto map PLC 30 set peer 10.10.10.1
crypto map PLC 30 set transform-set my_PLC

crypto map PLC 31 ipsec-isakmp
crypto map PLC 31 match address CCS
crypto map PLC 31 set peer 20.20.20.1
crypto map PLC 31 set transform-set my_ccs

and then apply the map on the outside interface:

crypto map PLC interface outside

This will work, because I have tried it so many times.

If this works, please rate the post.
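
Added example, not part of the thread: a Python check over a PIX configuration that reports interfaces with more than one crypto map bound to them and folds those maps into a single map with unique sequence numbers, as the reply describes. The function names and the merged map name are assumptions; the sample is constructed from the crypto map lines in the question.

```python
import re
from collections import defaultdict

# Constructed sample: the two-map layout from the question, crypto map lines only.
SAMPLE = """\
crypto map PLC 30 ipsec-isakmp
crypto map PLC 30 match address PLC
crypto map PLC 30 set peer 10.10.10.1
crypto map PLC 30 set transform-set my_PLC
crypto map PLC interface outside
crypto map CCS 20 ipsec-isakmp
crypto map CCS 20 match address CCS
crypto map CCS 20 set peer 20.20.20.1
crypto map CCS 20 set transform-set my_ccs
crypto map CCS interface outside
"""

BIND = re.compile(r"^crypto map (\S+) interface (\S+)$")
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")

def parse(config):
    """Return ({interface: [map names in order]}, {map: {seq: [sub-commands]}})."""
    bindings, entries = defaultdict(list), defaultdict(lambda: defaultdict(list))
    for line in map(str.strip, config.splitlines()):
        if m := BIND.match(line):
            if m.group(1) not in bindings[m.group(2)]:
                bindings[m.group(2)].append(m.group(1))
        elif m := ENTRY.match(line):
            entries[m.group(1)][int(m.group(2))].append(m.group(3))
    return bindings, entries

def conflicts(config):
    """Interfaces that have more than one crypto map bound to them."""
    bindings, _ = parse(config)
    return {iface: names for iface, names in bindings.items() if len(names) > 1}

def merge(config, iface, merged_name):
    """Fold every map bound to iface into one map, keeping sequence numbers unique."""
    bindings, entries = parse(config)
    out, used = [], set()
    for name in bindings[iface]:
        for seq in sorted(entries[name]):
            new_seq = seq
            while new_seq in used:      # two maps reused a number: take the next free one
                new_seq += 1
            used.add(new_seq)
            out += [f"crypto map {merged_name} {new_seq} {cmd}" for cmd in entries[name][seq]]
    out.append(f"crypto map {merged_name} interface {iface}")
    return out
```

Entries are evaluated in sequence-number order, so when `merge` renumbers a colliding entry, check that the resulting order still matches the intended priority of the access lists.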
