Cisco Support Community
New Member

Single peer address for several vpn peers.

Hi everyone,

I apologise for posting this thread in this forum. I have also posted it in the vpn forum but find I always get a much quicker response here.

I wonder if anyone can help me please. I am setting up vpn tunnels between my site and 3 other sites (there is no connectivity required between these 3 sites).

I am using a Cisco 7301 as my endpoint and have a single IP address that all three sites have to use as their peer address to connect with my site.

Please help with the configuration of this. I am told it is possible to configure this but would like some assistance; any sample configs or pointers in the right direction will be gratefully received.

Cheers,

Martha

5 REPLIES
Hall of Fame Super Silver

Re: Single peer address for several vpn peers.

Hello Martha,

On your side you need to configure a crypto map with three blocks,

something like

    crypto isakmp key shared_pwd_C1 address public-peer-1
    crypto isakmp key shared_pwd_C2 address public-peer-2
    crypto isakmp key shared_pwd_C3 address public-peer-3

then three blocks with different sequence numbers, like

    crypto map VPN_MAP 1000 ipsec-isakmp
     description peer1
     set peer public-peer-1
     set transform-set AES128
     match address 2059
     reverse-route
    crypto map VPN_MAP 1010 ipsec-isakmp
     description peer2
     set peer public-peer-2
     set transform-set AES128
     match address 2060
     reverse-route
    crypto map VPN_MAP 1030 ipsec-isakmp
     description peer3
     set peer public-peer-3
     set transform-set AES128
     match address 2061
     reverse-route

The crypto map is then applied on the outgoing interface.

See

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_vpn_ipsec_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1047631

You also need to define the transform set that specifies what encryption to use.

Hope to help

Giuseppe
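
An added example, not part of the thread and not Cisco tooling: a small Python check that a multi-peer crypto map laid out like the one above has a pre-shared key for every peer, does not reuse a key between peers, and gives each entry its own ACL. The sample configuration is constructed, and `audit` is a hypothetical helper name.

```python
# Constructed sample in the thread's layout (placeholder names), with deliberate
# mistakes: peers 1 and 2 share a key, peer 3 has no key, one ACL is reused.
SAMPLE = """\
crypto isakmp key shared_pwd_C1 address public-peer-1
crypto isakmp key shared_pwd_C1 address public-peer-2
crypto map VPN_MAP 1000 ipsec-isakmp
 set peer public-peer-1
 set transform-set AES128
 match address 2059
crypto map VPN_MAP 1010 ipsec-isakmp
 set peer public-peer-2
 set transform-set AES128
 match address 2060
crypto map VPN_MAP 1030 ipsec-isakmp
 set peer public-peer-3
 set transform-set AES128
 match address 2060
"""

def audit(config):
    """Return findings for a multi-peer crypto map (sub-commands indented)."""
    keys, entries, cur = {}, [], None
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line[0].isspace():
            cur = None                     # a top-level command closes the entry
        if w[:3] == ["crypto", "isakmp", "key"] and "address" in w[4:-1]:
            i = w.index("address", 4)
            keys[w[i + 1]] = w[i - 1]      # peer address -> pre-shared key
        elif w[:2] == ["crypto", "map"] and w[-1] == "ipsec-isakmp":
            cur = {"seq": w[3]}
            entries.append(cur)
        elif cur is not None and len(w) == 3 and w[0] in ("set", "match"):
            cur[w[1]] = w[2]               # peer / transform-set / address
    findings, by_acl, by_key = [], {}, {}
    for e in entries:
        peer, seq = e.get("peer"), e["seq"]
        if peer in keys:
            by_key.setdefault(keys[peer], set()).add(peer)
        else:
            findings.append(f"entry {seq}: no isakmp key for peer {peer}")
        by_acl.setdefault(e.get("address"), []).append(seq)
    findings += [f"ACL {a} matched by entries {', '.join(s)}"
                 for a, s in by_acl.items() if len(s) > 1]
    findings += [f"pre-shared key reused by {', '.join(sorted(p))}"
                 for p in by_key.values() if len(p) > 1]
    return findings
```

The findings name peers and sequence numbers only, so the output can be shared without exposing the key strings.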

New Member

Re: Single peer address for several vpn peers.

Wow, as always Giuseppe, thank you for your comprehensive, exemplary post. I will amend the sample you sent and let you know how I get on. Again, many thanks, Martha.

New Member

Re: Single peer address for several vpn peers.

Giuseppe, what does the reverse-route command achieve?

Hall of Fame Super Silver

Re: Single peer address for several vpn peers.

Hello Martha,

I took this example from my production network with some changes.

The reverse-route command provides reverse route injection, which creates static routes to the remote site while the IPsec tunnel is up.

We have a Stateful IPsec pair of routers that are two C7206VXR with NPE-G2 and 12.4(20)T advance_enterprise.

I think the command can help in a redundant environment.

See

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_r2.html#wp1040683

If I remember correctly you are going to use a PIX pair; I'm not sure the command is available.

Hope to help

Giuseppe

New Member

Re: Single peer address for several vpn peers.

Thanks Giuseppe.

The pair is actually 7301 routers so I'll check but I'm almost certain it'll be fine.
