
Single peer address for several vpn peers.

mfawehin
Level 1

Hi everyone,

I apologise for posting this thread in this forum. I have also posted it in the vpn forum but find I always get a much quicker response here.

I wonder if anyone can help me please. I am setting up vpn tunnels between my site and 3 other sites (there is no connectivity required between these 3 sites).

I am using a Cisco 7301 as my endpoint and have a single IP address that all three sites have to use as their peer address to connect with my site.

Please help with the configuration of this. I am told it is possible to configure this but would like some assistance; any sample configs or pointers in the right direction will be gratefully received.

Cheers,

Martha


Giuseppe Larosa
Hall of Fame

Hello Martha,

On your side you need to configure a crypto map with three blocks, something like:

    crypto isakmp key shared_pwd_C1 address public-peer-1
    crypto isakmp key shared_pwd_C2 address public-peer-2
    crypto isakmp key shared_pwd_C3 address public-peer-3

Then three blocks with different sequence numbers, like:

    crypto map VPN_MAP 1000 ipsec-isakmp
     description peer1
     set peer public-peer-1
     set transform-set AES128
     match address 2059
     reverse-route
    crypto map VPN_MAP 1010 ipsec-isakmp
     description peer2
     set peer public-peer-2
     set transform-set AES128
     match address 2060
     reverse-route
    crypto map VPN_MAP 1030 ipsec-isakmp
     description peer3
     set peer public-peer-3
     set transform-set AES128
     match address 2061
     reverse-route

The crypto map is then applied on the outgoing interface.

See:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_vpn_ipsec_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1047631

You also need to define the transform set that specifies what encryption to use.

Hope to help

Giuseppe
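The layout in the answer above depends on each crypto map entry having its own peer, its own ACL and a matching pre-shared key. As an added example (not part of the original post and not a Cisco tool), this Python check parses such a configuration and reports entries that break that pairing. It assumes `show running-config` layout with indented sub-commands; the function name `audit` and the finding texts are made up for this example.

```python
import re
from collections import defaultdict

# Constructed input: the post's configuration with its placeholder names kept.
SAMPLE = """\
crypto isakmp key shared_pwd_C1 address public-peer-1
crypto isakmp key shared_pwd_C2 address public-peer-2
crypto isakmp key shared_pwd_C3 address public-peer-3
crypto map VPN_MAP 1000 ipsec-isakmp
 set peer public-peer-1
 match address 2059
crypto map VPN_MAP 1010 ipsec-isakmp
 set peer public-peer-2
 match address 2060
crypto map VPN_MAP 1030 ipsec-isakmp
 set peer public-peer-3
 match address 2061
"""

def audit(config):
    """Return findings for a crypto map that serves several peers."""
    keys, entries, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            cur = None                      # a top-level command closes the block
        if m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
            keys[m[2]] = m[1]               # peer address -> pre-shared key
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            cur = entries.setdefault(f"{m[1]} {m[2]}", {"peers": [], "acl": None})
        elif cur is not None and (m := re.match(r"set peer (\S+)", line)):
            cur["peers"].append(m[1])
        elif cur is not None and (m := re.match(r"match address (\S+)", line)):
            cur["acl"] = m[1]
    findings, by_acl, by_key = [], defaultdict(list), defaultdict(list)
    for name, e in entries.items():
        if not e["peers"] or e["acl"] is None:
            findings.append(f"{name}: needs both set peer and match address")
        for peer in e["peers"]:
            if peer not in keys:
                findings.append(f"{name}: no isakmp key for peer {peer}")
        if e["acl"] is not None:
            by_acl[e["acl"]].append(name)
    for peer, key in keys.items():
        by_key[key].append(peer)
    findings += [f"ACL {a} shared by {', '.join(n)}" for a, n in by_acl.items() if len(n) > 1]
    findings += [f"pre-shared key reused for {', '.join(p)}" for p in by_key.values() if len(p) > 1]
    return findings

print(audit(SAMPLE) or "no findings")
```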

Wow, as always Giuseppe thank you for your comprehensive, exemplary post. I will amend the sample you sent and let you know how I get on. Again, many thanks, Martha.

Giuseppe, what does the reverse-route command achieve?

Hello Martha,

I took this example from my production network with some changes.

The reverse-route command provides reverse-route injection, which allows static routes to the remote site to be created while the IPsec tunnel is up.

We have a Stateful IPsec pair of routers that are two C7206VXR with NPE-G2 and 12.4(20)T advance_enterprise.

I think the command can help in a redundant environment

see

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_r2.html#wp1040683

If I remember correctly you are going to use a PIX pair; I'm not sure the command is available.

Hope to help

Giuseppe

Thanks Giuseppe.

The pair is actually 7301 routers so I'll check but I'm almost certain it'll be fine.
