New Member

problem with multiple vpn site-to-site

Hi, I have 3 VPN connections, main-site1 and site2, but I don't have traffic between site1 and site2.

main site

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.168.16.2 255.255.255.252
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.160.252.16 255.255.255.0
access-list 150 extended permit ip any any
access-list 155 extended permit ip any any
global (outside) 1 interface
nat (inside) 0 access-list 150
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 192.168.16.1
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map Outside_map 20 match address 155
crypto map Outside_map 20 set peer 172.16.16.194 172.16.16.170
crypto map Outside_map 20 set transform-set ESP-AES-256-SHA
crypto map Outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 172.16.16.170 type ipsec-l2l
tunnel-group 172.16.16.170 ipsec-attributes
 pre-shared-key 123
tunnel-group 172.16.16.194 type ipsec-l2l
tunnel-group 172.16.16.194 ipsec-attributes
 pre-shared-key 123

site1

interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 10.160.237.14 255.255.255.0
!
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 172.16.16.194 255.255.255.248
access-list 150 extended permit ip any any
access-list 155 extended permit ip any any
global (outside) 1 interface
nat (inside) 0 access-list 150
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 172.16.16.193
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 20 match address 155
crypto map outside_map 20 set peer 192.168.16.2
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 192.168.16.2 type ipsec-l2l
tunnel-group 192.168.16.2 ipsec-attributes
 pre-shared-key 123

site2

interface Vlan1
 nameif inside
 security-level 100
 ip address 10.160.232.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.16.16.170 255.255.255.248
access-list inside_nat0_outbound extended permit ip any any
access-list outside_cryptomap_20 extended permit ip any any
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 172.16.16.169
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map Outside_map 20 match address outside_cryptomap_20
crypto map Outside_map 20 set peer 192.168.16.2
crypto map Outside_map 20 set transform-set ESP-AES-256-SHA
crypto map Outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
tunnel-group 192.168.16.2 type ipsec-l2l
tunnel-group 192.168.16.2 ipsec-attributes
 pre-shared-key 123

3 REPLIES

Re: problem with multiple vpn site-to-site

New Member

Re: problem with multiple vpn site-to-site

Thank you, I will test it.

Also, I have other problems when the VPN fails: it takes a long time to establish the connection again, and I need to reset the service provider's equipment.

Any ideas?

New Member

Re: problem with multiple vpn site-to-site

We have a similar issue... it's related to the access list configuration... it's different when you use remote access VPN or site-to-site VPN...
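
An added example, not part of the original thread or any poster's configuration: one way to scope the crypto access lists for hub-and-spoke traffic on the three ASAs above, using the pre-8.3 NAT syntax the posted configs use. The ACL names (VPN_TO_SITE1, VPN_TO_SITE2, VPN_TO_MAIN, NONAT) are hypothetical, and the /24 networks are assumed from the posted inside interface addresses. The site1 part shows only the changed lines; site2 mirrors it with the two spoke networks swapped.

```cisco
! --- main site (hub) ---
! Allow VPN traffic to enter and leave the same (outside) interface,
! which spoke-to-spoke traffic through the hub requires.
same-security-traffic permit intra-interface
!
! One crypto ACL per spoke. Each lists the hub LAN and the other spoke
! as sources, instead of "permit ip any any".
access-list VPN_TO_SITE1 extended permit ip 10.160.252.0 255.255.255.0 10.160.237.0 255.255.255.0
access-list VPN_TO_SITE1 extended permit ip 10.160.232.0 255.255.255.0 10.160.237.0 255.255.255.0
access-list VPN_TO_SITE2 extended permit ip 10.160.252.0 255.255.255.0 10.160.232.0 255.255.255.0
access-list VPN_TO_SITE2 extended permit ip 10.160.237.0 255.255.255.0 10.160.232.0 255.255.255.0
!
! NAT exemption only for hub LAN traffic bound for the spokes.
access-list NONAT extended permit ip 10.160.252.0 255.255.255.0 10.160.237.0 255.255.255.0
access-list NONAT extended permit ip 10.160.252.0 255.255.255.0 10.160.232.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! One crypto map entry per peer. Two addresses on a single "set peer"
! line are tried as primary and backup, not as two simultaneous tunnels.
crypto map Outside_map 20 match address VPN_TO_SITE1
crypto map Outside_map 20 set peer 172.16.16.194
crypto map Outside_map 20 set transform-set ESP-AES-256-SHA
crypto map Outside_map 30 match address VPN_TO_SITE2
crypto map Outside_map 30 set peer 172.16.16.170
crypto map Outside_map 30 set transform-set ESP-AES-256-SHA
!
! --- site1 (spoke) ---
! Mirror image of the hub's VPN_TO_SITE1: local LAN to the hub LAN
! and to the site2 LAN, both sent to the hub peer.
access-list VPN_TO_MAIN extended permit ip 10.160.237.0 255.255.255.0 10.160.252.0 255.255.255.0
access-list VPN_TO_MAIN extended permit ip 10.160.237.0 255.255.255.0 10.160.232.0 255.255.255.0
nat (inside) 0 access-list VPN_TO_MAIN
crypto map outside_map 20 match address VPN_TO_MAIN
crypto map outside_map 20 set peer 192.168.16.2
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
```

After the change, `show crypto ipsec sa` on the hub should list a separate security association pair for each source and destination network pair, including the spoke-to-spoke pairs.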
