Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

1 crypto map over 2 interfaces?

Hi all,

I was wondering if it was possible to apply one crypto map to two interfaces (each interface being a different isp). For example use something smiliar to this:

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to 1.1.1.1

set peer 1.1.1.1

set transform-set TS

match address 101

crypto map SDM_CMAP_1 2 ipsec-isakmp

description Tunnel to 2.2.1.1

set peer 2.2.1.1

set transform-set TS

match address 102

!

interface s0

no ip address

crypto map SDM_CMAP_1

interface s1

no ip address

crypto map SDM_CMAP_1

Could this work based under the assumption that my route maps and routing was already set properly?

If this is incorrect, what is the best practice for routing vpn as a failover on 2 isp?

TIA, Fred.

1 REPLY
New Member

Re: 1 crypto map over 2 interfaces?

I have personally never tried this, but according to Cisco this should work fine. Here is a llink to information on how it works and how to set it up: http://www.cisco.com/en/US/docs/net_mgmt/vpn_solutions_center/2.1/ip_security/provisioning/guide/IPsecPGB.html

The section you need is under Crypto Map Local-Address. Hope this helps. Thanks! Jason

132
Views
0
Helpful
1
Replies
CreatePlease login to create content