Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

multiple site to site and site to client vpn

I have a cisco pix 5.15 with 6.1(4) ios. I have implemeted vpn for my mobile users and it is working fine. Now i need to implement site to site with three of remote offices. Should i create three different crypto and isamkp authentication like

crypto ipsec transform-set set1 esp-des esp-md5-hmac

crypto ipsec transform-set set2 esp-des esp-md5-hmac

crypto ipsec transfrom-set set4 esp-des esp-md5-hmac

for there three site to site vpn and create three different crypto maps to associate with three transform set and three different isamkp policy for each and every site? and a fourth one with dynamic crypto and policy for remote client to connect?

Is this the way to configure ?

Can someone advice me how to proceed.

Thanks in Advance

2 REPLIES
Cisco Employee

Re: multiple site to site and site to client vpn

Hi,

You donot have to define seperate transform sets for each IPSec tunnel, kindly look at the config for the Central PIX in the following sample: http://www.cisco.com/warp/public/110/pixhubspoke.html

Additionally you can only have one crypto map applied per Interface so you will use the same crypto map name but with difference instance number. Client and Site to Site on PIX can be implemented as per the following:

http://www.cisco.com/warp/public/110/pixpixvpn.html

Hope this helps,

Regards,

Aamir

-=-=-

Community Member

Re: multiple site to site and site to client vpn

Thanks a lot.

In this case is it enought if i have one policy defined. For Eg currently i have

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap client authentication authinbound

isakmp enable outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

For my remote clients to connect to the central site. Now if i want to have site to site then i will define crypto map with different instance number say for eg 20. Should i create isakmp policy 20 authenticaion pre-share .... des,md5 for the new crypto map?

Thanks in Advance

147
Views
5
Helpful
2
Replies
CreatePlease to create content