I have multiple sites with Cisco 877 routers. These sites are all issued dynamic IP addresses from their ISP's.
In my scenario all sites will have their own unique:
a) Private IP network (10.16.xxx.0/24)
b) Unique isakmp key
I configured one:
crypto isakmp key (uniquekey) address 0.0.0.0 0.0.0.0
crypto dynamic-map (name) 90
set transform-set (name)
match address 109
crypto map (name) 90 ipsec-isakmp dynamic (name)
This works great until I try to add a 2nd configuration using a different isakmp key and crypto map.
To problems:
1) I am unable to configure any additional unique isakmp keys for additional sites. When I try to configuration another key for dynamic I get an error that a key for 0.0.0.0 already exists. I understand this but how do I get around it?
2) I am also unable to configure additional crypto maps. When I add another crypto map specifying dynamic it does not show up.
I currently have 8 static remote sites configured. Have not had any problems for 2 years. I am just now having to deal with sites using dynamic IP's and want to be able to create each site as a unique key and map entity with the ability to use dynamic IP's.
I have attached a very simple diagram showing my network relationship.
2691v at main office (12.3(1a))
877's at remote offices (12.3(14)-YT1)
Any help, suggestions or configuration examples would be appreciated.
Thanks,
Danny Mc?