
vpn 2 peers to 1 peer

Carlos de Armas
Level 1

Hello everyone,

I am trying to figure out the following task, if anyone could help me that would be great.

I need to configure a VPN IPsec with GRE between two routers (R1 and R2).

R2 has:

static public IP address.

It's on another site so I can't change the configuration.

R1 (on my side):

two dialer interfaces with dynamic IP addresses with one crypto map each.

needs to configure VPN, IPsec and GRE to the one peer on the R1 side.

Problem: I can't figure out how to use the same peer on both crypto maps on both interfaces.

If someone can help me that would be great.

Regards,


Rahul Govindan
VIP Alumni

You can use the same crypto map on both the interfaces. This way the same peer will be applied to both interfaces.

What are you trying to achieve with this configuration?

Thanks Rahul for your answer.

That still has one problem. I need to have both VPNs at the same time, and having only one peer as destination forces me to only use one dialer at a time because it needs to be routed and it only uses one dialer in that scenario.

I'm trying to achieve 2 VPNs active at the same time to one peer to split traffic between the two dialers.

You can use equal-cost load balancing to load balance traffic to the same destination network via both Dialers. But that is not going to be the big problem. Since you want to use 2 Dialers for the same tunnel, the remote peer is going to have 2 tunnels on 1 interface for the same source and destination VPN traffic. By default, it will only pick the first tunnel. So what will happen is that even though you send traffic across 2 tunnels using load balanced routes, traffic will always be returned using the first tunnel from the remote end. You can add a workaround for translating the traffic on your side before hitting the VPN, so that the peer sees the traffic from the 2 tunnels with different source IP addresses. This will allow the peer to route return traffic via both tunnels, hence load balancing it.

I was thinking the same thing, to translate the traffic. But I don't see how to do it. Do you have any example? (I know how to NAT etc. but I am not noticing how to apply the solution.)

I don't think there is an exact guide to do this. But you can use the following guide for NAT with IPsec when you have overlapping subnets:

http://www.cisco.com/c/en/us/support/docs/routers/3800-series-integrated-services-routers/107992-IOSRouter-overlapping.html
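
A sketch of the translate-before-VPN workaround discussed in this thread, added here as an example and not taken from any poster or from the linked guide. All addresses, names and the inside interface are constructed; it assumes plain crypto-map IPsec without GRE, that IKE policy and keys already exist, and that R2 carries matching selectors and a matching transform set for both translated ranges.

```cisco
! Constructed addressing: R1 LAN 10.1.1.0/24, R2 LAN 10.2.2.0/24, R2 peer 203.0.113.2
! GigabitEthernet0/0 as the inside interface is an assumption
ip access-list extended LAN-TO-REMOTE
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! One translated source range per dialer
ip nat pool VIA-D0 172.16.10.1 172.16.10.254 prefix-length 24
ip nat pool VIA-D1 172.16.11.1 172.16.11.254 prefix-length 24
!
! Pick the pool by the egress interface the route lookup chose
route-map NAT-D0 permit 10
 match ip address LAN-TO-REMOTE
 match interface Dialer0
route-map NAT-D1 permit 10
 match ip address LAN-TO-REMOTE
 match interface Dialer1
!
ip nat inside source route-map NAT-D0 pool VIA-D0
ip nat inside source route-map NAT-D1 pool VIA-D1
!
! NAT runs before the crypto map check, so selectors use translated sources
ip access-list extended CRYPTO-D0
 permit ip 172.16.10.0 0.0.0.255 10.2.2.0 0.0.0.255
ip access-list extended CRYPTO-D1
 permit ip 172.16.11.0 0.0.0.255 10.2.2.0 0.0.0.255
!
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
!
crypto map CM-D0 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address CRYPTO-D0
crypto map CM-D1 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address CRYPTO-D1
!
interface GigabitEthernet0/0
 ip nat inside
interface Dialer0
 ip nat outside
 crypto map CM-D0
interface Dialer1
 ip nat outside
 crypto map CM-D1
!
! Equal-cost routes so traffic is shared across both dialers
ip route 10.2.2.0 255.255.255.0 Dialer0
ip route 10.2.2.0 255.255.255.0 Dialer1
```

Because the two tunnels now carry different source ranges, R2 holds two distinct selector pairs and returns each flow over the tunnel it arrived on. Pool-based translation only covers sessions initiated from the R1 LAN.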
