Can I configure multiple IPSec tunnels on the same physical IP interface

tj6512
Level 1

Dear All,

Basically, I am trying to configure 2 IPSec tunnels, one with GRE but the other one without GRE. Can you please help check the following configuration for me? Thanks! :-)

crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key aicentgrxdigi address 203.208.128.120
crypto isakmp key digi-maxis address (remote Maxis IPSec peer IP address)
!
crypto ipsec transform-set Aicent esp-des esp-md5-hmac
!
crypto map ToAicent 10 ipsec-isakmp
 set peer 203.208.128.120
 set transform-set Aicent
 match address 101
!
crypto map ToAicent 20 ipsec-isakmp
 set peer (remote Maxis IPSec peer IP address)
 set transform-set Aicent
 match address 102
!
interface Tunnel0
 ip address x.x.x.145 255.255.255.252
 tunnel source 203.92.154.1
 tunnel destination 203.208.128.120
 crypto map ToAicent
!
interface FastEthernet0/0
 description LAN||N|100|100||SDCIGW FE1/0||| Connection to 7206VXR
 ip address x.x.x.1 255.255.255.252
 duplex auto
 speed auto
 crypto map ToAicent
!
access-list 101 permit gre host 203.92.154.1 host 203.208.128.120
access-list 102 permit (local DiGi MMSC host/subnet IP address) (remote Maxis MMSC host/subnet IP address)
!
ip route 0.0.0.0 0.0.0.0 203.92.154.2
ip route (remote Maxis MMSC host/subnet IP address) (remote Maxis IPSec peer IP address)
!

8 Replies

MMostert
Level 1

Hi,

We are using GRE tunneling by default and have linked the same crypto map to both the physical and tunnel interface.

Let me know in case you need more info.

Regards, Martijn

Thank you for your prompt reply...

But what I mean is that I already have one GRE over IPSec working. What should I do if I need to configure another IPSec without GRE tunnel on the same physical interface? Please help.

Just create another crypto map using another seq number for your IPSEC tunnel without using GRE tunneling?

Yep, that is exactly what I did in my configuration that I showed in the first place, please check it. It does not work... Look forward to hearing from you soon.

MMostert
Level 1

Use the troubleshooting steps advised in the "troubleshooting IPSEC" doc on cisco.com:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml

Up to which step does it work?

Regards, Martijn

Basically, no SA is successful when I tried what you suggested. Can I have your email address for further discussion tomorrow?

I am willing to contact you by e-mail in case you post your e-mail address in this forum.

Let's also post the outcome in this forum for knowledge sharing purposes.

Regards, Martijn

Hi,

I might be missing something, but I can't see any route that uses the tunnel interface as next-hop. So it seems like all your traffic (for both remote sites) goes out from FastEthernet, not the tunnel interface. So how is it working?
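
Added example, not part of the thread and not Cisco code: a small Python check that lists every sequence of a crypto map, the interfaces the map is bound to, and flags entries that lack a peer, transform set or defined access-list, or that rely on DES/MD5 transforms. The sample is constructed from the shape of the first post; the peer 192.0.2.20 and the names `audit`, `WEAK` and `REQUIRED` are assumptions made for the illustration.

```python
import re

# Constructed sample modelled on the first post. Peer 192.0.2.20 is a placeholder,
# and access-list 102 is left out on purpose to exercise the undefined-ACL check.
SAMPLE = """\
crypto ipsec transform-set Aicent esp-des esp-md5-hmac
crypto map ToAicent 10 ipsec-isakmp
 set peer 203.208.128.120
 set transform-set Aicent
 match address 101
crypto map ToAicent 20 ipsec-isakmp
 set peer 192.0.2.20
 set transform-set Aicent
 match address 102
interface Tunnel0
 crypto map ToAicent
interface FastEthernet0/0
 crypto map ToAicent
access-list 101 permit gre host 203.92.154.1 host 203.208.128.120
"""
WEAK = {"esp-des", "esp-md5-hmac", "ah-md5-hmac"}  # DES and MD5 are deprecated
REQUIRED = ("set peer", "set transform-set", "match address")

def audit(config):
    """Return (entries, bindings, findings) for the crypto maps in an IOS config."""
    entries, bindings, tsets, acls, findings = {}, {}, {}, set(), []
    entry = iface = None  # indentation is ignored, so a config pasted flat still parses
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            entry = entries.setdefault((m[1], int(m[2])), {})
        elif m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            tsets[m[1]] = set(m[2].split())
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m[1])
        elif entry is not None and (m := re.match(rf"({'|'.join(REQUIRED)}) (\S+)", line)):
            entry[m[1]] = m[2]
        elif iface and (m := re.match(r"crypto map (\S+)$", line)):
            bindings.setdefault(m[1], []).append(iface)
    for (name, seq), e in sorted(entries.items()):
        findings += [f"{name} {seq}: missing '{k}'" for k in REQUIRED if k not in e]
        if e.get("match address") not in acls | {None}:
            findings.append(f"{name} {seq}: access-list {e['match address']} is not defined")
        weak = sorted(tsets.get(e.get("set transform-set"), set()) & WEAK)
        if weak:
            findings.append(f"{name} {seq}: weak transforms {', '.join(weak)}")
    return entries, bindings, findings
```

Run it over the output of `show running-config` saved to a file; the `bindings` result shows at a glance when one map is applied to both a tunnel and a physical interface.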