Multiple site-to-site vpn configuration

Answered Question
Jul 16th, 2008

I'm able to successfully create two different ipsec tunnels and I need them to both be operational at the same time. However, when I "crypto map" to the outside (physical) interface of my PIX 515, only one of them is operational at once. The tunnels go to two different locations, different peers and different shared keys. Do I need to setup a logical interface and map to that for each or what? Any help is appreciated. I apologize if I didn't spend enough time searching the forum for a answer, but I did try :-). If you could point me to a configuration example for this, that'd be great. Thanks in advance for your help.

Mike

I have this problem too.
0 votes
Correct Answer by a.alekseev about 8 years 4 months ago

use different sequence-numbers for different vpns.

crypto map outside_map 10 match address outside_10_cryptomap

crypto map outside_map 10 set peer 192.168.10.10

crypto map outside_map 10 set transform-set ESP-3DES-SHA

crypto map outside_map 20 match address outside_20_cryptomap

crypto map outside_map 20 set peer 192.168.20.20

crypto map outside_map 20 set transform-set ESP-3DES-SHA

crypto map outside_map interface outside

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
a.alekseev Wed, 07/16/2008 - 11:50

use different sequence-numbers for different vpns.

crypto map outside_map 10 match address outside_10_cryptomap

crypto map outside_map 10 set peer 192.168.10.10

crypto map outside_map 10 set transform-set ESP-3DES-SHA

crypto map outside_map 20 match address outside_20_cryptomap

crypto map outside_map 20 set peer 192.168.20.20

crypto map outside_map 20 set transform-set ESP-3DES-SHA

crypto map outside_map interface outside

Actions

This Discussion