Hi,
R1 have one interface & R2 have 2 interfaces, all interface are accessible from Internet.
Curently managed to build IPSEC between R1 & R1 on inteface one.
For redundancy I would like to build dual tunnel between 2 sites. It mean router R1 cryptom map will have two peers to different interface IP.
Will it work for both manual IPSEC and IKE mode ? or it just work for IKE only ?
I try on the manual IPSEC, it does not work and error message of duplicate sa appear.
Thanks
ROUTER 1
----------
crypto map Node15 21 ipsec-manual
set peer 203.92.2.A
set session-key inbound esp 303 cipher xxxxx authenticator xxxxx
set session-key outbound esp 302 cipher xxxxx authenticator xxxxx
set transform-set ESP_md5_des
match address 121
crypto map Node15 22 ipsec-manual
set peer 203.92.2.B
set session-key inbound esp 403 cipher xxxxx authenticator xxxxxx
set session-key outbound esp 402 cipher xxxxx authenticator xxxxx
set transform-set ESP_md5_des
match address 121
interface fas0/0
cypto map Node15
ROUTER 2
------------
crypto map Node16 21 ipsec-manual
set peer 203.92.1.A
set session-key inbound esp 302 cipher xxxxx authenticator xxxxx
set session-key outbound esp 303 cipher xxxxxx authenticator xxxxx
set transform-set ESP_md5_des
match address 121
crypto map Node16 22 ipsec-manual
set peer 203.92.1.A
set session-key inbound esp 402 cipher xxxxx authenticator xxxxx
set session-key outbound esp 403 cipher xxxxx authenticator xxxxx
set transform-set ESP_md5_des
match address 121
interface fas0/1
cypto map Node16
interface fas0/2
cypto map Node16