Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

best implementation for crypto tunnels?


I have a Cisco 2621 running IPPlus IPSec56 with a 1710 and 1720 connecting to it with crypto Ipsec tunnels. I have recently had some problems and have found in troubleshooting there are different ways to configure this setup and would like to know the recommended way.

Where 2 peers will be referenced in my crypto maps on the 2621, is it best to have the map listed twice(with separte priorities-same map name) for each peer and a seperate ACL for each map priority? or better to have each peer listed in the same map priority and have a single ACL that includes both peers' networks?

Also, would there be any problems(such as routing loops) in listing the 'other' 2 peers on each of my 3 routers?




Re: best implementation for crypto tunnels?

Often times complex configuration issues are best addressed in an interactive session with one of our trained technical assistance engineers. While other forum users may be able to help, it’s often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit and to open a case with one of our TAC engineers, visit

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

New Member

Re: best implementation for crypto tunnels?

Really? Is this generic respone automatically posted after a certain amount of time?

I didn't think my post was that complex. I listed 2 ways of doing what i was doing and asked for the recommended way. Encrypted data tunnels in both hub and spoke and mesh configurations ahve to be fairly common as there exists many articles on this from router to router. I just haven't seen articles on the mesh configuration with lower series hardware like i'm using (2621, 1720, 1721).

Please help.

Thank you,


CreatePlease to create content