07-26-2007 07:39 AM - edited 03-09-2019 06:28 PM
I am trying to configure a pair of ipsec tunnels between two routers for testing purposes. I'd appreciate any insight. I've attempted vti, secondary addresses, etc, to no avail.
Routers are 2851 ISR's with the AIM and IOS 12.4(15)T
07-26-2007 03:34 PM
Hi, there are many examples and guides on cisco.com. You can start there and then try to be a little more specific in your question.
A very basic example:
Another basic example with NAT:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml
I hope that helps you to get get started.
07-27-2007 04:09 AM
I agree that there are plenty of examples for creating a single tunnel between two routers, and I have experience with this. My goal is creating dual tunnels between two routers. Thanks for the effort.
07-27-2007 04:30 AM
Why do you want to do that? Between dfferent interfaces you mean? In that case it is not much different from one tunnel.
In any case I recommend to use encrypted gre tunnels, as you may want to run some kind of routing protocol over the tunnels. It also scales much better.
07-27-2007 06:02 AM
I don't need the function or overhead of gre. I am evaluating the ISR performance for ipsec and I have almost zero ipsec hardware in the lab. I only have 1 other router with at/greater hardware specifications as the device under test, so I was attempting the multiple tunnel approach to compare the performance specs of 1 tunnel on the DUT versus 10,20,30,etc tunnels.
07-28-2007 05:12 AM
Just add lots of networks to each side, you will end up with many SA:s, which is virtually the same as multiple "tunnels".
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide