dual-isp-router / two ipsec tunnels to same location
Hi, here's what I would like to do: I have a router with two public IPs from two different providers. I have TWO inside vlans - Now, I want TWO ipsec tunnels, both to the same location. One tunnel will serve vlan1, the other vlan2. Goal is that users in vlan1 will use the first ipsec tunnel and the bandwidth of the first isp and users in vlan2 will use the other ipsec tunnel and isp2.

Current config:
---
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key 1hVBl0J0P3 address 22.214.171.124
!
crypto ipsec transform-set unhq esp-aes esp-sha-hmac
!
crypto map Viawan2 10 ipsec-isakmp
 set peer 126.96.36.199
 set security-association lifetime seconds 28800
 set transform-set unhq
 set pfs group2
 match address 130
!
crypto map ViaViacom 10 ipsec-isakmp
 description VPN-USYS-TO-BE01
 set peer 188.8.131.52
 set security-association lifetime seconds 28800
 set transform-set unhq
 set pfs group2
 match address 150
!
!
!
!
interface FastEthernet0
 ip address 184.108.40.206 255.255.255.248
 crypto map ViaViacom
!
interface FastEthernet1
 ip address 220.127.116.11 255.255.255.252
 ip nat outside
 crypto map Viawan2
interface Vlan1
 ip address 10.38.0.160 255.255.255.0
 ip nat inside
 ip policy route-map defaultroute_wan2
!
interface Vlan3
 ip address 10.38.1.161 255.255.255.0
 ip policy route-map defaultroute_vivacom
!
ip route 0.0.0.0 0.0.0.0 18.104.22.168 10
ip route 0.0.0.0 0.0.0.0 22.214.171.124 100
!
!
ip nat inside source list 160 interface FastEthernet1 overload
!
access-list 130 permit ip 10.38.0.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 150 permit ip 10.38.1.0 0.0.0.255 192.168.0.0 0.0.255.255
!
access-list 160 deny ip 10.38.0.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 160 deny ip 10.38.0.0 0.0.0.255 10.48.0.0 0.0.255.255
access-list 160 deny ip 10.38.0.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 160 deny ip 10.38.1.0 0.0.0.255 any
access-list 160 permit ip 10.38.0.0 0.0.0.255 any
access-list 160 deny ip any any
!
access-list 170 remark default route wan2
access-list 170 permit ip 10.38.0.0 0.0.0.255 any
access-list 170 deny ip 10.38.1.0 0.0.0.255 any
access-list 170 deny ip any any
!
access-list 180 remark default route viacom
access-list 180 permit ip 10.38.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 180 deny ip 10.38.1.0 0.0.0.255 any
access-list 180 deny ip 10.38.0.0 0.0.0.255 any
access-list 180 deny ip any any
!
!
route-map defaultroute_wan2 permit 10
 match ip address 170
 set ip next-hop 126.96.36.199
!
route-map defaultroute_vivacom permit 10
 match ip address 180
 set ip next-hop 188.8.131.52
---

any help would be greatly appreciated!!! Thanks
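A first-match evaluation of the ACLs in the post above, added here as an example and not part of the original post: it shows, for a given flow, which crypto ACL, policy-routing ACL and NAT ACL entry would match. The function names and the sample flow addresses are constructed; the sketch models ACL matching only (wildcard masks, first match, implicit deny), not interface selection or tunnel state.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # "any" as address + wildcard
# (action, src, src wildcard, dst, dst wildcard), copied from the posted config.
# Trailing explicit "deny" lines are left out where the implicit deny covers them.
ACLS = {
    130: [("permit", "10.38.0.0", "0.0.0.255", "192.168.0.0", "0.0.255.255")],
    150: [("permit", "10.38.1.0", "0.0.0.255", "192.168.0.0", "0.0.255.255")],
    160: [
        ("deny", "10.38.0.0", "0.0.0.255", "192.168.0.0", "0.0.255.255"),
        ("deny", "10.38.0.0", "0.0.0.255", "10.48.0.0", "0.0.255.255"),
        ("deny", "10.38.0.0", "0.0.0.255", "172.16.0.0", "0.0.255.255"),
        ("deny", "10.38.1.0", "0.0.0.255", *ANY),
        ("permit", "10.38.0.0", "0.0.0.255", *ANY),
    ],
    170: [("permit", "10.38.0.0", "0.0.0.255", *ANY)],
    180: [("permit", "10.38.1.0", "0.0.0.255", "192.168.0.0", "0.0.255.255")],
}
CRYPTO_MAPS = {130: "Viawan2", 150: "ViaViacom"}
ROUTE_MAPS = {170: "defaultroute_wan2", 180: "defaultroute_vivacom"}

def wild_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, src, dst):
    for action, s, sw, d, dw in ACLS[acl]:
        if wild_match(src, s, sw) and wild_match(dst, d, dw):
            return action == "permit"  # first matching entry decides
    return False  # implicit deny at the end of every ACL

def first_permitting(table, src, dst):
    return next((name for acl, name in table.items() if acl_permits(acl, src, dst)), None)

def classify(src, dst):
    """Summarise how the posted ACLs treat one flow (source subnets are disjoint)."""
    return {
        "crypto_map": first_permitting(CRYPTO_MAPS, src, dst),
        "route_map": first_permitting(ROUTE_MAPS, src, dst),
        "nat": acl_permits(160, src, dst),
    }

if __name__ == "__main__":
    # Constructed sample flows: Vlan1 host, Vlan3 host, and a non-tunnel destination.
    for flow in [("10.38.0.25", "192.168.5.9"), ("10.38.1.25", "192.168.5.9"),
                 ("10.38.0.25", "10.48.3.3"), ("10.38.0.25", "198.51.100.7")]:
        print(flow, classify(*flow))
```

A flow that is exempted from NAT by access-list 160 but matched by neither access-list 130 nor 150 (for example a 10.38.0.0/24 host to 10.48.0.0/16) comes back with `crypto_map` set to `None`, which is the case worth reviewing before relying on the tunnels.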