Mixing Dynamic and 1:1 Crypto Co-existing Happily

Unanswered Question
Oct 16th, 2008

I setup a crypto keyring to deal with SOHO networks with changing ISP assigned addresses. But in doing so I found that my "regular" 1:1 peering setups started failing once their tunnels tried to rekey. So I setup a profile separate key ring for the 1:1 peer (which needs to have a different key from the SOHOs).

Anyhow - I have succeeded in breaking my 1:1 crypto maps. :-( Anyone know the mojo for having dynamic and 1:1 cryptomaps on one hub router?

crypto keyring spoke

pre-shared-key address 0.0.0.0 0.0.0.0 key yabadabadoo

crypto isakmp profile DynamicL2L

description dynamic LAN-to-LAN to spoke router

keyring spoke

match identity address 0.0.0.0

crypto isakmp profile troublesome

keyring tunnel1

match identity address 10.5.4.1 255.255.255.255

crypto map MYMAP 10 ipsec-isakmp

set peer 10.5.4.1

set transform-set transformer

set isakmp-profile troublesome

match address 166

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion