Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Mixing Dynamic and 1:1 Crypto Co-existing Happily

I setup a crypto keyring to deal with SOHO networks with changing ISP assigned addresses. But in doing so I found that my "regular" 1:1 peering setups started failing once their tunnels tried to rekey. So I setup a profile separate key ring for the 1:1 peer (which needs to have a different key from the SOHOs).

Anyhow - I have succeeded in breaking my 1:1 crypto maps. :-( Anyone know the mojo for having dynamic and 1:1 cryptomaps on one hub router?

crypto keyring spoke

pre-shared-key address 0.0.0.0 0.0.0.0 key yabadabadoo

crypto isakmp profile DynamicL2L

description dynamic LAN-to-LAN to spoke router

keyring spoke

match identity address 0.0.0.0

crypto isakmp profile troublesome

keyring tunnel1

match identity address 10.5.4.1 255.255.255.255

crypto map MYMAP 10 ipsec-isakmp

set peer 10.5.4.1

set transform-set transformer

set isakmp-profile troublesome

match address 166

110
Views
0
Helpful
0
Replies
CreatePlease login to create content