Cisco Support Community
New Member

Can I configure multiple IPSec tunnels on the same physical IP interface

Dear All,

Basically, I am trying to configure 2 IPSec tunnels, one with GRE but the other one without GRE. Can you please help check the following configuration for me? Thanks! :-)

crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key aicentgrxdigi address 203.208.128.120
crypto isakmp key digi-maxis address (remote Maxis IPSec peer IP address)
!
crypto ipsec transform-set Aicent esp-des esp-md5-hmac
!
crypto map ToAicent 10 ipsec-isakmp
 set peer 203.208.128.120
 set transform-set Aicent
 match address 101
!
crypto map ToAicent 20 ipsec-isakmp
 set peer (remote Maxis IPSec peer IP address)
 set transform-set Aicent
 match address 102
!
interface Tunnel0
 ip address x.x.x.145 255.255.255.252
 tunnel source 203.92.154.1
 tunnel destination 203.208.128.120
 crypto map ToAicent
!
interface FastEthernet0/0
 description LAN||N|100|100||SDCIGW FE1/0||| Connection to 7206VXR
 ip address x.x.x.1 255.255.255.252
 duplex auto
 speed auto
 crypto map ToAicent
!
access-list 101 permit gre host 203.92.154.1 host 203.208.128.120
access-list 102 permit (local DiGi MMSC host/subnet IP address) (remote Maxis MMSC host/subnet IP address)
!
ip route 0.0.0.0 0.0.0.0 203.92.154.2
ip route (remote Maxis MMSC host/subnet IP address) (remote Maxis IPSec peer IP address)
!

8 REPLIES
New Member

Re: Can I configure multiple IPSec tunnels on the same physical

Hi,

We are using GRE tunneling by default and have linked the same crypto map to both the physical and tunnel interface.

Let me know in case you need more info.

Regards, Martijn

New Member

Re: Can I configure multiple IPSec tunnels on the same physical

Thank you for your prompt reply...

But what I mean is that I already have one GRE over IPSec working. What should I do if I need to configure another IPSec without GRE tunnel on the same physical interface? Please help.

New Member

Re: Can I configure multiple IPSec tunnels on the same physical

Just create another crypto map using another seq number for your IPSEC tunnel without using GRE tunneling?

New Member

Re: Can I configure multiple IPSec tunnels on the same physical

Yep, that is exactly what I did in the configuration that I showed in the first place, please check it. It does not work... Look forward to hearing from you soon.

New Member

Re: Can I configure multiple IPSec tunnels on the same physical

Use the troubleshooting steps advised in the "troubleshooting IPSEC" doc on cisco.com:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml

Up to which step does it work?

Regards, Martijn

New Member

Re: Can I configure multiple IPSec tunnels on the same physical

Basically, no SA is successful when I tried what you suggested. Can I have your email address for further discussion tomorrow?

New Member

Re: Can I configure multiple IPSec tunnels on the same physical

I am willing to contact you by e-mail in case you post your e-mail address in this forum.

Let's also post the outcome in this forum for knowledge sharing purposes.

Regards, Martijn

New Member

Re: Can I configure multiple IPSec tunnels on the same physical

Hi,

I might be missing something, but I can't see any route that uses the tunnel interface as next-hop. So it seems like all your traffic (for both remote sites) goes out from FastEthernet, not the tunnel interface. So how is it working?
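
The check the last reply makes by eye, as an added example that is not part of the original thread: a small Python parser that lists tunnel interfaces no static route points at, either by name or through a next hop inside the tunnel's subnet. The sample config is constructed from the first post with made-up placeholder addresses where the post elided them; the function names are hypothetical, and the parser assumes indented sub-commands and looks at static routes only.

```python
import ipaddress
import re

# Constructed sample modelled on the first post. Addresses the post elided
# (x.x.x.x, "remote Maxis ...") are replaced with made-up placeholder values.
SAMPLE = """\
interface Tunnel0
 ip address 10.255.0.145 255.255.255.252
 tunnel destination 203.208.128.120
 crypto map ToAicent
interface FastEthernet0/0
 ip address 10.255.1.1 255.255.255.252
 crypto map ToAicent
ip route 0.0.0.0 0.0.0.0 203.92.154.2
ip route 203.0.113.0 255.255.255.0 198.51.100.1
"""

def parse(config):
    """Return ({interface: {"net", "map"}}, [(prefix, next_hop)]) from IOS-style text."""
    ifaces, routes, cur = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line closes the open block
            cur = None
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"net": None, "map": None})
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)", line):
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), m[3]))
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.match(r"crypto map (\S+)$", line)):
            cur["map"] = m[1]
    return ifaces, routes

def reaches(hop, name, net):
    """True if a route's next hop is the interface itself or lies in its subnet."""
    if hop.lower() == name.lower():
        return True
    try:
        return net is not None and ipaddress.ip_address(hop) in net
    except ValueError:                   # next hop is some other interface name
        return False

def tunnels_without_route(config):
    """Tunnel interfaces that no static route names or reaches as next hop."""
    ifaces, routes = parse(config)
    return [name for name, info in ifaces.items()
            if name.lower().startswith("tunnel")
            and not any(reaches(hop, name, info["net"]) for _, hop in routes)]
```

On the constructed sample, `tunnels_without_route(SAMPLE)` returns `['Tunnel0']`, and `parse(SAMPLE)` shows the same crypto map attached to both Tunnel0 and FastEthernet0/0.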
