cryptomaps

Answered Question
May 14th, 2012

Hi

On my router, is it possible to create multiple site-to-site tunnels to different destinations? I gather you just create multiple cryptomaps and assign them to the outside interface?

Cheers

punitjethva20 Mon, 05/14/2012 - 03:50

I think crypto maps are an easy method of configuring, if there will be no multicast traffic between the sites, which would require VTI.

olpeleri Mon, 05/14/2012 - 04:11

Hello,

Crypto maps are the old way of configuring VPN. It's always a source of problems when ACLs are not symmetrically configured.

You should use tunnel protection [ipsec ipv4 or gre ip]. It's way simpler to configure / maintain.

Olivier.
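The ACL symmetry problem mentioned in the post above can be checked offline. This is an added example, not part of the original post: the function names, ACL number and addresses are constructed for illustration, and only `permit ip <addr> <wildcard> <addr> <wildcard>` entries with contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Extended ACL lines of the form (keywords "host"/"any" are not handled):
#   access-list <n> permit ip <src> <src-wildcard> <dst> <dst-wildcard>
ACL_RE = re.compile(
    r"^\s*access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

# Constructed sample crypto ACLs for two peers (addresses are made up).
SITE_A = """
access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 101 permit ip 10.1.0.0 0.0.255.255 192.168.50.0 0.0.0.255
"""
SITE_B = """
access-list 101 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 101 permit ip 192.168.50.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

def to_network(addr, wildcard):
    """Turn an address plus contiguous Cisco wildcard mask into an ip_network."""
    # Invert the wildcard into a netmask; a non-contiguous mask raises ValueError.
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def parse_crypto_acl(config):
    """Return the set of (source, destination) network pairs in the ACL text."""
    pairs = set()
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if m:
            src, src_wc, dst, dst_wc = m.groups()
            pairs.add((to_network(src, src_wc), to_network(dst, dst_wc)))
    return pairs

def asymmetric_entries(local_config, peer_config):
    """List entries on each side that have no exact mirror on the other side."""
    local, peer = parse_crypto_acl(local_config), parse_crypto_acl(peer_config)
    fmt = lambda pair: f"{pair[0]} -> {pair[1]}"
    return {
        "local_only": sorted(fmt(p) for p in local if (p[1], p[0]) not in peer),
        "peer_only": sorted(fmt(p) for p in peer if (p[1], p[0]) not in local),
    }

if __name__ == "__main__":
    print(asymmetric_entries(SITE_A, SITE_B))
```

In the sample, site B's second entry covers only 10.1.1.0/24 while site A's covers 10.1.0.0/16, so both entries are reported as unmatched.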

carl_townshend Mon, 05/14/2012 - 04:20

I also prefer the VTI; they are easier and support multicast, routing protocols, etc.

punitjethva20 Mon, 05/14/2012 - 04:27

Just wondering, configuring site-to-site tunnels to different destinations, won't it create many tunnels on the router?

Correct Answer
olpeleri Mon, 05/14/2012 - 04:42

Too many tunnel interfaces? A Cisco router should be able to handle that. How many spokes are involved?

Design-wise, you can proceed in many ways:

A) HUB does not need to initiate connections:

==================================

1- Leverage a tunnel type mGRE [on the hub] aka DMVPN. Then we have 1 multipoint tunnel interface.

2- Use DVTI [spoke] / DVTI [hub] with EZVPN

3- Use VTI on spokes + DVTI on hub with a routing protocol

B) HUB needs to initiate connections:

============================

Use tunnel protection, one tunnel per spoke.

Posted May 14, 2012 at 2:57 AM