L2L VPN connection-type with multiple peers in both sides

Mar 19th, 2008

Hi tech guys. We have a problem with the connection-type (aka VPN initiator) because we have two peers (two ISPs) on both sides of the VPN tunnel...

We need to find a way to get a one-way initiator VPN. That's easy when only one side has dual ISP: the dual-ISP side is answer-only and the single-ISP side is originate-only, but it becomes a problem when the single-ISP side upgrades to dual ISP.

Is it possible to add a second crypto map setting for the same traffic, the same encryption, but different policy and peer, and also as ANSWER-ONLY?

eg.

Crypto map for the first peer...

crypto map outside_map 20 match address outside_20_cryptomap (Same traffic)
crypto map outside_map 20 set connection-type answer-only
crypto map outside_map 20 set peer xxx.xxx.xxx.xxx (Primary ISP for the remote side)
crypto map outside_map 20 set transform-set ESP-3DES-SHA

Crypto map for the second peer...

crypto map outside_map 25 match address outside_20_cryptomap (Same traffic)
crypto map outside_map 25 set connection-type answer-only
crypto map outside_map 25 set peer xxx.xxx.xxx.xxx (Second ISP for the remote side)
crypto map outside_map 25 set transform-set ESP-3DES-SHA

Please help to see if it is possible, thanks.

irisrios Tue, 03/25/2008 - 09:18

Crypto maps with different IDs are the way to create multiple crypto maps. This is a working configuration.
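
Added example, not part of the original thread and not Cisco code: a short Python check that parses the crypto map lines from the question, groups the sequence entries that match the same ACL, and lists any of them that are not set to answer-only. The peer addresses are constructed documentation addresses standing in for the masked ones, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries from the question, with RFC 5737
# documentation addresses standing in for the masked peer IPs.
SAMPLE = """\
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set connection-type answer-only
crypto map outside_map 20 set peer 192.0.2.1
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 25 match address outside_20_cryptomap
crypto map outside_map 25 set connection-type answer-only
crypto map outside_map 25 set peer 198.51.100.1
crypto map outside_map 25 set transform-set ESP-3DES-SHA
"""

# Matches "crypto map <name> <seq> match address <acl>" and
# "crypto map <name> <seq> set <keyword> <value>"; other lines are skipped.
LINE = re.compile(r"^crypto map (\S+) (\d+) (?:match (address)|set (\S+)) (.+)$")

def parse_crypto_maps(config):
    """Return {(map_name, seq): {keyword: value}} for every crypto map line."""
    entries = defaultdict(dict)
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if m:
            name, seq, match_kw, set_kw, value = m.groups()
            entries[(name, int(seq))][match_kw or set_kw] = value.strip()
    return dict(entries)

def shared_acl_report(config):
    """For each ACL used by more than one entry: [(seq, peer, connection-type)]."""
    by_acl = defaultdict(list)
    for (name, seq), e in sorted(parse_crypto_maps(config).items()):
        if "address" in e:
            # An entry with no explicit connection-type line is shown as "unset".
            by_acl[(name, e["address"])].append(
                (seq, e.get("peer"), e.get("connection-type", "unset")))
    return {k: v for k, v in by_acl.items() if len(v) > 1}

def not_answer_only(config):
    """Sequence numbers that share an ACL but are not set to answer-only."""
    return [seq for rows in shared_acl_report(config).values()
            for seq, _peer, ctype in rows if ctype != "answer-only"]

if __name__ == "__main__":
    for (name, acl), rows in shared_acl_report(SAMPLE).items():
        print(name, acl, rows)
    print("entries not answer-only:", not_answer_only(SAMPLE))
```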
