This works great until I try to add a 2nd configuration using a different isakmp key and crypto map.
1) I am unable to configure any additional unique isakmp keys for additional sites. When I try to configuration another key for dynamic I get an error that a key for 0.0.0.0 already exists. I understand this but how do I get around it?
2) I am also unable to configure additional crypto maps. When I add another crypto map specifying dynamic it does not show up.
I currently have 8 static remote sites configured. Have not had any problems for 2 years. I am just now having to deal with sites using dynamic IP's and want to be able to create each site as a unique key and map entity with the ability to use dynamic IP's.
I have attached a very simple diagram showing my network relationship.
2691v at main office (12.3(1a))
877's at remote offices (12.3(14)-YT1)
Any help, suggestions or configuration examples would be appreciated.
Re: LAN-to-LAN VPN w/ Multiple Dynamic IP Remote Routers
Have you tried adding the new locations onto the existing dynamic group ?
Becoz i think you wont be able to create another dynamic map since you have got one already in place out there serving your mobile/dynamic users.
if you want them to be treated as a seperate entity with seperate key and transform set then the only way out would be going for static ips at the remote location by doing like that you have the freedom of creating seperate statement numbers under the same crypto map in the main office with respect to different remote locations.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...