Cisco Support Community
Community Member

VPN with multiple interfaces

Hi,

I cannot find a Cisco solution for a VPN configuration where the Cisco VPN peer has two external interfaces.

This means that IPSec traffic could be sent towards both interfaces according to some resolving mechanism.

- Does Cisco support multiple IPSec end points for the same peer?

- How can I configure a Cisco VPN peer with at least two external interfaces and choose the IPSec end point?

Thanks!

Hall of Fame Super Gold

Re: VPN with multiple interfaces


I am not sure that I understand your first question:

- Does Cisco support Multiple IPSec end points for the same peer?

If you mean does Cisco support configuring two different peer relationships between two routers, then I think that the answer is no. But if you mean (as I suspect that you do) does Cisco support configuration where the IPSec might be received over either of several interfaces (or transmitted over several interfaces) then the answer is yes.

I have configured a good bit of VPN and several have involved VPN on routers with multiple interfaces. The situation can be simpler when there is only one candidate interface - you peer to the interface address and the router will source the VPN packets from the physical interface. But with multiple interfaces the situation gets more complex. Part of the answer is the optional configuration in the crypto map of:

crypto map local-address

In this situation you do not want to peer with the physical interface and it is better to peer with something like a loopback interface. As long as you source from or peer to something like a loopback then the choice of which physical interface no longer has impact.

So let your map specify an address that is not dependent on either of the physical interfaces that may be involved.
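
A configuration sketch of the loopback-sourced crypto map described in the reply above. This is an added example, not configuration from the original poster or from Cisco documentation; the interface names, map, ACL and transform-set names, the RFC 5737 documentation addresses and the key placeholder are all assumptions.

```cisco
! Constructed example: every name, address and key below is a placeholder.
! Loopback0 is the stable VPN identity; the remote peer points at 192.0.2.1.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Remote peer address (assumed) and pre-shared key placeholder
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Traffic to protect (assumed local and remote subnets)
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! Source IKE and IPSec from the loopback, not from either uplink
crypto map VPNMAP local-address Loopback0
crypto map VPNMAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES
 match address VPN-TRAFFIC
!
! The same crypto map is applied to both external interfaces
interface GigabitEthernet0/0
 description Uplink A (assumed)
 ip address 203.0.113.2 255.255.255.252
 crypto map VPNMAP
!
interface GigabitEthernet0/1
 description Uplink B (assumed)
 ip address 203.0.113.6 255.255.255.252
 crypto map VPNMAP
```

The loopback address must be reachable from the remote peer over both uplinks, and any inbound ACL on the external interfaces has to permit IKE and ESP to the loopback address rather than to the physical interface addresses.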


