What I'm trying to configure is site-to-site VPN R5-R1 and site-to-site VPN R3-R1. The main problem is that interface f0/0 of R5 has dynamiclly assigned IP address and it is being changed once a day (is just lab topology so just for now I assigned static IP of int f0/0 of R5) . R3 has static public IP.
The idea was to use isakmp profiles, so my configuration was like this (attached just R1, R3 and R5 using standard site-to-site vpn configuration)
"To uniquely map to an ISAKMP profile, no two ISAKMP profiles should match the same identity. If the peer identity is matched in two ISAKMP profiles, the configuration is invalid."
And in my topology R3 matches to both profiles ! So i can not find a solution to this problem. Changing sequence of Profile configuration is not an answer, because when I would need to add another site-to-site VPN I would need to delete PROFIL_R5, add new profile and then add PROFIL_R5 again.
In article above i didn't find an information how router checks multiple profiles (first match ? best match? last match?). Can anybody gives me a clue how to set up my topology correctly ?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...