Problem with multiple VPN site-to-site

rchaves018
Level 1

Hi, I have 3 VPN connections main-site1 and site2, but I don't have traffic between site1 and site2.

main site

interface Ethernet0/0

nameif outside

security-level 0

ip address 192.168.16.2 255.255.255.252

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 10.160.252.16 255.255.255.0

access-list 150 extended permit ip any any

access-list 155 extended permit ip any any

global (outside) 1 interface

nat (inside) 0 access-list 150

nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 192.168.16.1

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map Outside_map 20 match address 155

crypto map Outside_map 20 set peer 172.16.16.194 172.16.16.170

crypto map Outside_map 20 set transform-set ESP-AES-256-SHA

crypto map Outside_map interface outside

crypto isakmp identity hostname

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption aes-256

hash sha

group 5

lifetime 86400

tunnel-group 172.16.16.170 type ipsec-l2l

tunnel-group 172.16.16.170 ipsec-attributes

pre-shared-key 123

tunnel-group 172.16.16.194 type ipsec-l2l

tunnel-group 172.16.16.194 ipsec-attributes

pre-shared-key 123

site1

interface Ethernet0/0

nameif inside

security-level 100

ip address 10.160.237.14 255.255.255.0

!

interface Ethernet0/1

nameif outside

security-level 0

ip address 172.16.16.194 255.255.255.248

access-list 150 extended permit ip any any

access-list 155 extended permit ip any any

global (outside) 1 interface

nat (inside) 0 access-list 150

nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 172.16.16.193

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map outside_map 20 match address 155

crypto map outside_map 20 set peer 192.168.16.2

crypto map outside_map 20 set transform-set ESP-AES-256-SHA

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption aes-256

hash sha

group 5

lifetime 86400

tunnel-group 192.168.16.2 type ipsec-l2l

tunnel-group 192.168.16.2 ipsec-attributes

pre-shared-key 123

site2

interface Vlan1

nameif inside

security-level 100

ip address 10.160.232.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 172.16.16.170 255.255.255.248

access-list inside_nat0_outbound extended permit ip any any

access-list outside_cryptomap_20 extended permit ip any any

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 172.16.16.169

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map Outside_map 20 match address outside_cryptomap_20

crypto map Outside_map 20 set peer 192.168.16.2

crypto map Outside_map 20 set transform-set ESP-AES-256-SHA

crypto map Outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption aes-256

hash sha

group 5

lifetime 86400

tunnel-group 192.168.16.2 type ipsec-l2l

tunnel-group 192.168.16.2 ipsec-attributes

pre-shared-key 123

3 Replies

Thank you, I will test it.

Also, I have other problems when the VPN fails:

it takes a long time to establish the connection again; I need to reset the service provider's equipment.

Any idea?

We have a similar issue... it's related to the access list configuration... it's different when you use remote access VPN or site-to-site VPN...
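The last reply points at the access lists. The following is an added example, not part of the thread and not Cisco code: a small Python check that reads ASA configuration text in the syntax posted above and reports which crypto map and NAT exemption entries reference an ACL containing `permit ip any any`, and which crypto map entries list more than one peer. The sample input is constructed from the "main site" lines in the question; the function name `audit` and the finding texts are assumptions made for this example.

```python
import re

# Constructed sample: the ACL, NAT and crypto map lines of the "main site" config in the post.
MAIN_SITE = """\
access-list 150 extended permit ip any any
access-list 155 extended permit ip any any
nat (inside) 0 access-list 150
crypto map Outside_map 20 match address 155
crypto map Outside_map 20 set peer 172.16.16.194 172.16.16.170
"""

ACL_RE = re.compile(r"^access-list (\S+) extended (permit|deny) ip (.+)$")
MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)$")
PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (.+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def audit(config):
    """Return a list of findings about the ACLs that select VPN traffic."""
    acls = {}      # ACL name -> list of "action src dst" entries
    uses = []      # (ACL name, description of the statement that references it)
    findings = []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m[1], []).append(f"{m[2]} {m[3]}")
        elif m := MATCH_RE.match(line):
            uses.append((m[3], f"crypto map {m[1]} {m[2]}"))
        elif m := NAT0_RE.match(line):
            uses.append((m[2], f"nat ({m[1]}) 0"))
        elif m := PEER_RE.match(line):
            peers = m[3].split()
            if len(peers) > 1:
                # All peers listed in one entry are tied to the same match ACL.
                findings.append(
                    f"crypto map {m[1]} {m[2]}: {len(peers)} peers share one entry and one ACL")
    for name, user in uses:
        if name not in acls:
            findings.append(f"{user}: ACL {name} is not defined")
        elif "permit any any" in acls[name]:
            # An any-any entry does not describe which subnets belong to which tunnel.
            findings.append(f"{user}: ACL {name} matches ip any any")
    return findings


if __name__ == "__main__":
    for finding in audit(MAIN_SITE):
        print(finding)
```
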
