Crypto Map Question For VPN Gateway Router

Answered Question
Jul 8th, 2009
User Badges:

I'm in the process of moving my VPN environment to 2811 routers. I am moving one vendor over tomorrow that has two sources that need to connect to each of our IPs, these inside IPs are NAT'd to the real IPs at the firewall behind the router. I know I will find out tomorrow, but thought I would see if anyone saw a problem with this ACL used for the crypto map, would there be an issue having multiple sources (50.50.50.1 and .2 in file) connecting to same destinations? The IPs in this file are not the actual production IPs. Thanks.



Correct Answer by Jon Marshall about 7 years 10 months ago

If i understand you correctly, no it shouldn't be a problem at all. Each entry in your crypto map acl will create a separate pair of IPSEC SA's and there is no duplication.


Let me know if i have misunderstood your question.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jon Marshall Wed, 07/08/2009 - 13:25
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

If i understand you correctly, no it shouldn't be a problem at all. Each entry in your crypto map acl will create a separate pair of IPSEC SA's and there is no duplication.


Let me know if i have misunderstood your question.


Jon

venom43212 Wed, 07/08/2009 - 13:58
User Badges:

Hey Jon, you understood correctly and confirmed what I thought. Thanks.



Actions

This Discussion