Cisco 2901 router multiple vpn tunnels

JMJZaman69 · ‎05-29-2015

Hi Guys,

I have an issue with Cisco 2901

I need to connect to 2 sites from the main office

However when the 2nd site connects i lose the first VPN.

does the 2901 support 2 site to site VPN connections ?

Thank you kindly for viewing

Matthew

vivek srivastava · ‎05-29-2015

Not seen such case, I think its related to config.

JMJZaman69 · ‎05-29-2015

Thank you for quick eyes but config below seems okay

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp policy 2

encr aes 256

authentication pre-share

group 2

crypto isakmp key THEKEYTOSITE1 address SITE.ONE.xx.xx

crypto isakmp key THEKEYTOSITE2 address SITE.TWO.x.xx

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

mode tunnel

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

mode tunnel

!

rypto ipsec transform-set SITETWO esp-aes 256 esp-sha-hmac

mode tunnel

!

crypto map SITEONE 1 ipsec-isakmp

description Tunnel SITEONE

set peer x.x.x.x

set transform-set ESP-3DES-SHA1

match address 103

!

crypto map SITETWO 1 ipsec-isakmp

description Tunnel SITETWO

set peer x.x.x.x

set transform-set SITETWO

match address 104

!

interface GigabitEthernet0/1

description external WAN

ip address xxx.x.xxx.xx xxx.xxx.xxx.xxx

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

crypto map SITEONE

crypto map SITETWO

!

ip nat inside source route-map SITEONE interface GigabitEthernet0/1 overload

ip nat inside source route-map SITETWO interface GigabitEthernet0/1 overload

route-map SITEONE permit 1

match ip address 104

route-map SITETWO permit 1

match ip address 104

vivek srivastava · ‎05-29-2015

Problem is bcos you are applying two crypto-map on single interface.

Use nested config.