New Member

Multiple Site to Site Tunnels

I have to set up a router with multiple site-to-site tunnels. I already have one of the tunnels established. The subnets at each branch office will NOT overlap.

I am using NAT overload with static NAT translations, and I have a route map to except VPN traffic from the NAT process.

crypto map intmap 5 ipsec-isakmp
 set peer <Branch Office A>
 set transform-set trans1
 match address 130
!
route-map rock permit 10
 match ip address 123
 set ip next-hop 1.1.1.2
!
route-map nonat permit 10
 match ip address 110

How do I add a crypto map that will do Branch Office B?

4 REPLIES
Silver

Re: Multiple Site to Site Tunnels

Same as the first, just increase the process number. You have 5, use 10:

crypto map intmap 10 ipsec-isakmp
 set peer
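
Added example, not part of the original reply: the full set of changes a second entry in the same crypto map usually needs, including the NAT exemption the question mentions. The subnets, ACL number 131, the ACL sequence number, the use of pre-shared keys and the layout of ACL 110 (deny entries for VPN traffic ahead of a permit) are assumptions, since the thread does not show them.

```cisco
! Constructed values (assumptions, not from the thread):
!   10.1.0.0/24 = HQ LAN, 10.3.0.0/24 = Branch Office B LAN
!   ACL 131 and sequence number 5 are free on this router
!
! Pre-shared key for the new peer. Only needed if the existing tunnel
! authenticates with pre-shared keys; use a different key per peer.
crypto isakmp key <PRE-SHARED-KEY> address <Branch Office B>
!
! Interesting traffic for Branch Office B. Give each peer its own ACL;
! do not add Branch B subnets to ACL 130, which selects Branch A traffic.
access-list 131 permit ip 10.1.0.0 0.0.0.255 10.3.0.0 0.0.0.255
!
! Second entry in the existing crypto map. Entry 5 is untouched, and the
! map is already applied to the outside interface, so nothing is re-applied.
crypto map intmap 10 ipsec-isakmp
 set peer <Branch Office B>
 set transform-set trans1
 match address 131
!
! NAT exemption. route-map nonat matches ACL 110, so HQ-to-Branch-B traffic
! must hit a deny in ACL 110 before any permit. A plain
! "access-list 110 deny ..." line would be appended after the existing
! permit and never match, so insert it by sequence number instead.
! Check the current numbering first with: show access-lists 110
ip access-list extended 110
 5 deny ip 10.1.0.0 0.0.0.255 10.3.0.0 0.0.0.255
!
! Verify after sending traffic from the HQ LAN to the Branch B LAN:
!   show crypto map
!   show crypto isakmp sa
!   show crypto ipsec sa peer <Branch Office B>
```

Branch Office B needs the mirror image of ACL 131 (source and destination swapped) in its own crypto map entry, or the IPsec proposal will not match.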

New Member

Re: Multiple Site to Site Tunnels

Cool beans, that is what I thought.

Are there any caveats or best practices? Should I expect to be able to route branch-to-branch traffic through the HQ? Or should I set up separate tunnels for that?

Silver

Re: Multiple Site to Site Tunnels

Honestly, the best setup for what I think you are looking for is DMVPN: http://www.cisco.com/en/US/products/ps6658/index.html

This allows you to build dynamic tunnels between offices without hairpin routing via the hub. After the traffic between the two sites stops, it will tear the tunnel back down based on the timers you set up. This is accomplished via NHRP, which is a table that holds the next hops of all the tunnels. So, for instance, site A wants to talk to site F. Site A will send a lookup to the hub asking for this info. The hub will respond, and site A and F will negotiate a tunnel.

Silver

Re: Multiple Site to Site Tunnels
