Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
916
Views
0
Helpful
2
Replies

ISAKMP Policy - Group2

saquib.tandel
Level 1
Level 1

‎11-22-2011 10:41 PM

Hi

On  a Hub Router can we run two different crypto policy

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

crypto isakmp policy 2

encr 3des

hash md5

authentication pre-share

group 2

My 2nd question : Do we need to apply 'Group 2' command in crypto isakmp policy for Dynamic IPSEC VPN ( Hub and spoke both are IOS routers )

I am planning to move a site-2-site vpn from ASA to IOS router.

ASA--------------------------------Router-spokeX   (current working scenario )

ASA - static ip

Router - Dynamic IP

New Plan

Router-hub-----------------Router-spokeX

Router-hub  - static Ip

Router-spokeX - Dynamic IP

Router-Hub already got 3 IPSEC tunnel running where all got static ip

thanks

ST

Labels:
0 Helpful
2 Replies 2

ajay chauhan
Level 7
Level 7

‎11-22-2011 11:35 PM

you can run as many you want but between sites VPN tunnel will be formed based on common policy .Suppose you have 10 remote sites running with diffrent policies and 10 policies you will have to configure on HUB as well.

0 Helpful

saquib.tandel
Level 1
Level 1
In response to ajay chauhan

‎11-23-2011 06:09 AM

Then I guess I got configuration issue for Dynamic IPSEC VPN

0 Helpful
Customers Also Viewed These Support Documents