Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Two IPSEC TUNNELS destined for two different ip address but for same INTERF

How to terminate two ipsec tunnels destined for two different ip address but for the same interface of the forewall.

Actually one of our customer is shifting from ISDN to LEASED LINE and the problem is the service provider here provides different ip addresse range for each type of service.But for our customer it is vert difficult to tell all of his users that from now to own you should some other IP for the VPN, so to make this change seemless to the end users or to make this change slowly ,wt can we do,

One thing that comes in our mind is to assign two ip address to outside interface so that same interface will terminate the VPN Tunnel orignating for two different IP address.

OR if any body have any other solution then pleasle let me know, i'll be very thank full to u.

sameer

2 REPLIES
Cisco Employee

Re: Two IPSEC TUNNELS destined for two different ip address but

You can have 2 IPSec tunnels terminating on the same interface, as long as the match address is different;

eg;

1st peer: crypto map cisco 10 --> IPSec b/w 10.1.1.0 and 20.1.1.0

2nd peer: crypto map cisco 20 --> IPSec b/w 10.1.1.0 and 30.1.1.0

Alternatively, you can terminate the 2 IPSec tunnels on seperate interfaces, 1 on outside and another on DMZ.

HTH

R/Yusuf

New Member

Re: Two IPSEC TUNNELS destined for two different ip address but

Also you could use virtual interfaces such as tunnel interfaces. So each tunnel interface has a seperate IP address but the traffic is routed through one physical interface.

99
Views
0
Helpful
2
Replies
CreatePlease to create content