Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Multiple L2L setup on cisco routers problems

Hi All, I have two cisco routers (Cisco 2911 and 871) that I'm trying to establish a L2L VPN  with. Each have a VPN configured to our cooperate office that is up and working. I'm now trying  to establish a site to site VPN from both remote offices. I have my crypto  maps, NoNats, and interesting traffic set up however, I do not even see  phase one come up.

I've attached each config. Most of my site to site  experience is on PIX's and ASA so I'm curious if there is something else I  need to do on my outside interface to allow multiple VPN's?

Can anyone see where I'm going wrong?

Thanks,

Dan

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Multiple L2L setup on cisco routers problems

Hi Dan,

you can only have one crypto map on an interface (just like on Pix/Asa). However that crypto map can have multiple entries.

So on the Scottsdale router, instead of:

crypto map Chandler local-address FastEthernet4

crypto map Chandler 2 ipsec-isakmp

...

!

crypto map Scottsdale local-address FastEthernet4

crypto map Scottsdale 1 ipsec-isakmp

...

you should configure:

crypto map Scottsdale local-address FastEthernet4

crypto map Scottsdale 1 ipsec-isakmp

...

crypto map Scottsdale 2 ipsec-isakmp

...

And of course, a similar change is required on the other router.

hth

Herbert

2 REPLIES
Cisco Employee

Multiple L2L setup on cisco routers problems

Hi Dan,

you can only have one crypto map on an interface (just like on Pix/Asa). However that crypto map can have multiple entries.

So on the Scottsdale router, instead of:

crypto map Chandler local-address FastEthernet4

crypto map Chandler 2 ipsec-isakmp

...

!

crypto map Scottsdale local-address FastEthernet4

crypto map Scottsdale 1 ipsec-isakmp

...

you should configure:

crypto map Scottsdale local-address FastEthernet4

crypto map Scottsdale 1 ipsec-isakmp

...

crypto map Scottsdale 2 ipsec-isakmp

...

And of course, a similar change is required on the other router.

hth

Herbert

New Member

Multiple L2L setup on cisco routers problems

Thanks Herbert that did the trick. That makes perfect sense. I appericate your help!

Dan

826
Views
5
Helpful
2
Replies
CreatePlease login to create content