I don't know if this is the correct place to ask this question, but I hope someone can help.
I would like to know if it is possible to have different encryption/IPSEC/SA schemes on one interface, without using tunneling?
Right now I am using Policy Based Routing to send traffic to different tunnels and applying a different crypto map to each of the tunnels. I see each tunnel wrapped in GRE, with an ESP payload.
Is it possible to define a crypto map so that the traffic all goes out the same interface (get rid of the GRE), but has different Security Associations? (My management has asked me to try.) I couldn't figure out how to do it without tunneling, but someone mentioned that it may be possible using the crypto map to encrypt some traffic (e.g. port 1041) with one crypto scheme, and other traffic with another.
I hope this makes sense. Thanks in advance for any help you can provide.