I have a setup like this. Locations A and B are on one side of an MPLS cloud, and locations C and D are on the other side. The intention is to create an IPSec tunnel from A to C and D and also from B to C and D. In case of local loop failure to the cloud, location B traffic will come to Location A and pass through the tunnel, and vice versa. Similarly, Location C traffic will come to location D and pass through the tunnel, and vice versa.
I would need help in configuring the crypto access lists. Should I create a separate access list for each source-destination pair in all the routers to comply with the mirror rule?
Thanks for your response. I have attached a diagram depicting the setup. The tunnel end point is unique for each location. The identifying address for the tunnel for each location will be a loopback address. So, as per the diagram, LOC A- LOC tunnel and LOC B- LOC C tunnel will terminate with the loopback address 10.100.30.1. Similarly, tunnels to LOC D will terminate with the loopback address 10.100.40.1. This is to ensure that the traffic takes the optimum route.
The configuration I envisage is using unique access lists for each pair of locations and using all the access lists in all locations. But depending on the destination, the 'set peer' command will specify different loopback addresses.
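The mirror rule raised in the question can be checked mechanically before the access lists are deployed. The following is an added example, not part of the original post: it compares the `permit ip` entries of two tunnel peers and reports any entry whose source and destination are not exactly swapped on the other side. The LAN subnets and access-list names are constructed assumptions, since the post gives only the loopback addresses.

```python
# Constructed sample crypto ACLs for two tunnel peers. Subnets and ACL names
# are assumptions for illustration; they do not come from the post.
LOC_A = """
ip access-list extended A-TO-C
 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
ip access-list extended B-TO-C
 permit ip 10.2.0.0 0.0.255.255 10.3.0.0 0.0.255.255
"""
LOC_C = """
ip access-list extended C-TO-A
 permit ip 10.3.0.0 0.0.255.255 10.1.0.0 0.0.255.255
ip access-list extended C-TO-B
 permit ip 10.3.0.0 0.0.255.255 10.2.0.0 0.0.0.255
"""

def _addr(tokens):
    """Consume one address spec: 'any', 'host X', or 'X wildcard'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_entries(config):
    """Return the set of (source, destination) pairs from 'permit ip' lines."""
    entries = set()
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["permit", "ip"]:
            continue  # ACL headers and anything other than 'permit ip'
        src, rest = _addr(tokens[2:])
        dst, _ = _addr(rest)
        entries.add((src, dst))
    return entries

def unmirrored(local, remote):
    """Local entries with no exact source/destination swap on the remote peer."""
    remote_entries = parse_entries(remote)
    return sorted(e for e in parse_entries(local)
                  if (e[1], e[0]) not in remote_entries)

if __name__ == "__main__":
    # The C-TO-B entry uses a /24 wildcard where LOC A uses a /16, so the
    # B-to-C pair is flagged from both sides.
    for name, (loc, peer) in {"A": (LOC_A, LOC_C), "C": (LOC_C, LOC_A)}.items():
        for src, dst in unmirrored(loc, peer):
            print(f"LOC {name}: no mirror for {src} -> {dst}")
```

The parser handles unnumbered `permit ip` lines only; entries with sequence numbers, `deny` lines or protocol-specific matches would need to be added before running it on a full configuration.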