Mixing Dynamic and 1:1 Crypto Co-existing Happily

Unanswered Question
Oct 16th, 2008
User Badges:

I setup a crypto keyring to deal with SOHO networks with changing ISP assigned addresses. But in doing so I found that my "regular" 1:1 peering setups started failing once their tunnels tried to rekey. So I setup a profile separate key ring for the 1:1 peer (which needs to have a different key from the SOHOs).

Anyhow - I have succeeded in breaking my 1:1 crypto maps. :-( Anyone know the mojo for having dynamic and 1:1 cryptomaps on one hub router?

crypto keyring spoke

pre-shared-key address key yabadabadoo

crypto isakmp profile DynamicL2L

description dynamic LAN-to-LAN to spoke router

keyring spoke

match identity address

crypto isakmp profile troublesome

keyring tunnel1

match identity address

crypto map MYMAP 10 ipsec-isakmp

set peer

set transform-set transformer

set isakmp-profile troublesome

match address 166

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion