cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
255
Views
0
Helpful
1
Replies

1 crypto map over 2 interfaces?

fredj1234
Level 1
Level 1

Hi all,

I was wondering if it was possible to apply one crypto map to two interfaces (each interface being a different isp). For example use something smiliar to this:

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to 1.1.1.1

set peer 1.1.1.1

set transform-set TS

match address 101

crypto map SDM_CMAP_1 2 ipsec-isakmp

description Tunnel to 2.2.1.1

set peer 2.2.1.1

set transform-set TS

match address 102

!

interface s0

no ip address

crypto map SDM_CMAP_1

interface s1

no ip address

crypto map SDM_CMAP_1

Could this work based under the assumption that my route maps and routing was already set properly?

If this is incorrect, what is the best practice for routing vpn as a failover on 2 isp?

TIA, Fred.

1 Reply 1

pathgroup
Level 1
Level 1

I have personally never tried this, but according to Cisco this should work fine. Here is a llink to information on how it works and how to set it up: http://www.cisco.com/en/US/docs/net_mgmt/vpn_solutions_center/2.1/ip_security/provisioning/guide/IPsecPGB.html

The section you need is under Crypto Map Local-Address. Hope this helps. Thanks! Jason

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: