cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
826
Views
5
Helpful
5
Replies

cryptomaps

carl_townshend
Spotlight
Spotlight

Hi

On my router is is possible to create multiple site to site tunnels to different destinations ? i gather you jsut create multiple cryptomaps and assign them to the outside interface ?

cheers                  

1 Accepted Solution

Accepted Solutions

Too many tunnel interfaces? A Cisco router should be able to handle that. How many spokes are involved?

Design wise you can proceed via many ways:

A) HUB does not need to initiate connections:

==================================

1- Leverage a tunnel type mgre [ on the hub] aka DMVPN. Then we have 1 Multipoint tunnel interface.

2- Use DVTI [ spoke ] / DVTI  [ hub ] with EZVPN

3- Use VTI on spokes + DVTI on hub with a routing protocol

B) HUB need to initiate connections:

============================

use Tunnel protection, one tunnel per spoke.

View solution in original post

5 Replies 5

Punit Jethva
Level 1
Level 1

I think crypto maps are an easy Method of configuring, if there will be no multicast traffic between the site which would require VTI.

Sent from Cisco Technical Support iPhone App

olpeleri
Cisco Employee
Cisco Employee

Hello,

Crypto maps are the old way of configuring VPN. It's always a source of problems when ACL are not symmetrically configured.

U should use tunnel protection [ ipec ipv4 or gre ip]. It's wat simplier to configure / maintain.

Olivier.

is also prefer the vti, they are easier and support multicast, routing protocols etc

just wondering configuring site-to-site tunnels to different destinations, won't it create many tunnels on the router?

Too many tunnel interfaces? A Cisco router should be able to handle that. How many spokes are involved?

Design wise you can proceed via many ways:

A) HUB does not need to initiate connections:

==================================

1- Leverage a tunnel type mgre [ on the hub] aka DMVPN. Then we have 1 Multipoint tunnel interface.

2- Use DVTI [ spoke ] / DVTI  [ hub ] with EZVPN

3- Use VTI on spokes + DVTI on hub with a routing protocol

B) HUB need to initiate connections:

============================

use Tunnel protection, one tunnel per spoke.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: