Crypto Map Question For VPN Gateway Router

Answered Question
Jul 8th, 2009

I'm in the process of moving my VPN environment to 2811 routers. I am moving one vendor over tomorrow that has two sources that need to connect to each of our IPs; these inside IPs are NAT'd to the real IPs at the firewall behind the router. I know I will find out tomorrow, but thought I would see if anyone saw a problem with this ACL used for the crypto map. Would there be an issue having multiple sources (50.50.50.1 and .2 in file) connecting to the same destinations? The IPs in this file are not the actual production IPs. Thanks.

Correct Answer
Jon Marshall Wed, 07/08/2009 - 13:25

If I understand you correctly, no, it shouldn't be a problem at all. Each entry in your crypto map ACL will create a separate pair of IPsec SAs and there is no duplication.

Let me know if I have misunderstood your question.

Jon
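The point in the answer above can be checked before a cutover with a small script. This is an added example, not part of the original thread: it reads a crypto ACL, lists the one (local, remote) selector that each permit entry contributes, and reports entries whose selectors are identical or overlap. The ACL number 110 and the 10.10.10.x inside addresses are constructed; 50.50.50.1 and .2 are the placeholder sources from the question.

```python
import ipaddress
import re

# Constructed sample crypto ACL in IOS extended-ACL syntax. ACL number 110 and
# the 10.10.10.x hosts are assumptions; 50.50.50.1/.2 come from the question.
SAMPLE_ACL = """\
access-list 110 permit ip host 10.10.10.1 host 50.50.50.1
access-list 110 permit ip host 10.10.10.1 host 50.50.50.2
access-list 110 permit ip host 10.10.10.2 host 50.50.50.1
access-list 110 permit ip host 10.10.10.2 host 50.50.50.2
"""

ADDR = r"(host \S+|any|\S+ \S+)"
LINE = re.compile(rf"^access-list \d+ permit ip {ADDR} {ADDR}$")

def to_network(spec):
    """Convert 'host A', 'any' or 'A wildcard' into an ip_network object."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):
        return ipaddress.ip_network(spec.split()[1] + "/32")
    addr, wildcard = spec.split()
    # ipaddress accepts a contiguous wildcard (host mask) after the slash.
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)

def sa_selectors(acl_text):
    """Return one (local, remote) selector per permit entry in the ACL."""
    pairs = []
    for line in acl_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pairs.append((to_network(m.group(1)), to_network(m.group(2))))
    return pairs

def conflicts(pairs):
    """Return index pairs of entries whose selectors are equal or overlap."""
    return [(i, j)
            for i in range(len(pairs)) for j in range(i + 1, len(pairs))
            if pairs[i][0].overlaps(pairs[j][0])
            and pairs[i][1].overlaps(pairs[j][1])]

if __name__ == "__main__":
    pairs = sa_selectors(SAMPLE_ACL)
    for local, remote in pairs:
        print(f"SA pair for {local} <-> {remote}")
    print("conflicting entries:", conflicts(pairs))
```

For the sample ACL, the script lists four distinct selectors and no conflicts, which is the two-sources-to-the-same-destinations case asked about.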

venom43212 Wed, 07/08/2009 - 13:58

Hey Jon, you understood correctly and confirmed what I thought. Thanks.
