I am trying to set a VPN router to be the hub for numerous remote site VPN tunnels.
At the moment, one peer is established and passing traffic with no problem.
I have tried to configure an additional tunnel at the main site and debugs on the peer tell me that the policy is not matched.
When I launch the "mirror config" from ASDM, it looks like my config is correct, but I am wondering if I have a fundamental misunderstanding of how the hub is supposed to be set up.
When I look at the config of the hub router with ASDM, it shows only one VPN configured and will not allow another VPN to be added.
The transform set is different on the two tunnels and this is where I think my problem lies.
crypto isakmp policy 1
crypto isakmp policy 2
crypto isakmp key xxxxxxxx 21.x.4.3 no-xauth
crypto isakmp key xxxxxxxx 6.x.1.2 no-xauth
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set 1 esp-3des esp-sha-hmac
crypto ipsec transform-set 2 esp-3des esp-md5-hmac
crypto ipsec profile 1
 set transform-set To_1
crypto ipsec profile 2
 set transform-set To_2
crypto map To_2 ipsec-isakmp
 set peer 6.x.x.2
 set transform-set 2
 match address 101
crypto map To_1 ipsec-isakmp
 set peer 126.96.36.199
 set transform-set 1
 match address 100
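
Added example, not part of the original post: a small consistency check run over the crypto lines as posted. It cross-references each "set transform-set" against the transform sets actually defined and reports when more than one crypto map name is in use. The names lint_crypto and POSTED are hypothetical, and the parsing covers only the line forms shown in the post.

```python
import re

# Crypto lines as posted above (addresses and keys already redacted by the poster).
POSTED = """\
crypto ipsec transform-set 1 esp-3des esp-sha-hmac
crypto ipsec transform-set 2 esp-3des esp-md5-hmac
crypto ipsec profile 1
 set transform-set To_1
crypto ipsec profile 2
 set transform-set To_2
crypto map To_2 ipsec-isakmp
 set peer 6.x.x.2
 set transform-set 2
 match address 101
crypto map To_1 ipsec-isakmp
 set peer 126.96.36.199
 set transform-set 1
 match address 100
"""


def lint_crypto(config):
    """Return a list of findings for an IOS-style crypto config fragment."""
    defined, refs, map_names = set(), [], []
    section = None  # the profile or crypto map whose sub-commands we are reading
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto ipsec transform-set (\S+)", line):
            defined.add(m.group(1))
            section = None
        elif m := re.match(r"crypto (ipsec profile|map) (\S+)", line):
            section = f"{m.group(1)} {m.group(2)}"
            if m.group(1) == "map" and m.group(2) not in map_names:
                map_names.append(m.group(2))
        elif line.startswith("crypto "):
            section = None
        elif section and (m := re.match(r"set transform-set (.+)", line)):
            # A single "set transform-set" line may list several names.
            refs += [(section, name) for name in m.group(1).split()]
    findings = [f"{sec}: transform-set '{name}' is not defined"
                for sec, name in refs if name not in defined]
    if len(map_names) > 1:
        # IOS binds one crypto map set per interface; peers sharing an interface
        # are normally separate sequence-numbered entries under one map name.
        findings.append("multiple crypto map names: " + ", ".join(map_names))
    return findings


if __name__ == "__main__":
    for finding in lint_crypto(POSTED):
        print(finding)
```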