05-29-2015 04:57 AM - edited 03-05-2019 01:34 AM
Hi Guys,
I have an issue with Cisco 2901
I need to connect to 2 sites from the main office
However, when the 2nd site connects I lose the first VPN.
Does the 2901 support 2 site-to-site VPN connections?
Thank you kindly for viewing
Matthew
05-29-2015 05:06 AM
Not seen such a case, I think it's related to config.
05-29-2015 05:40 AM
Thank you for quick eyes but config below seems okay
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes 256
authentication pre-share
group 2
crypto isakmp key THEKEYTOSITE1 address SITE.ONE.xx.xx
crypto isakmp key THEKEYTOSITE2 address SITE.TWO.x.xx
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
mode tunnel
!
crypto ipsec transform-set SITETWO esp-aes 256 esp-sha-hmac
mode tunnel
!
crypto map SITEONE 1 ipsec-isakmp
description Tunnel SITEONE
set peer x.x.x.x
set transform-set ESP-3DES-SHA1
match address 103
!
crypto map SITETWO 1 ipsec-isakmp
description Tunnel SITETWO
set peer x.x.x.x
set transform-set SITETWO
match address 104
!
interface GigabitEthernet0/1
description external WAN
ip address xxx.x.xxx.xx xxx.xxx.xxx.xxx
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map SITEONE
crypto map SITETWO
!
ip nat inside source route-map SITEONE interface GigabitEthernet0/1 overload
ip nat inside source route-map SITETWO interface GigabitEthernet0/1 overload
route-map SITEONE permit 1
match ip address 104
route-map SITETWO permit 1
match ip address 104
05-29-2015 11:07 AM
Problem is because you are applying two crypto maps on a single interface.
Use nested config.
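One way to apply the advice above, as an added example that is not part of the original thread: IOS binds only one crypto map to an interface, so the second "crypto map" command replaces the first, and both peers have to be sequence entries of a single map. The map name VPN-MAP, the sequence numbers 10 and 20 and the peer placeholders are assumptions; the transform sets and ACL numbers are the ones from the posted config.

```cisco
! Added example, not the poster's config. VPN-MAP, 10/20 and the
! <...> peer placeholders are assumed names and values.
!
! One crypto map, one sequence entry per remote site.
! Entries are evaluated in ascending sequence order.
crypto map VPN-MAP 10 ipsec-isakmp
 description Tunnel SITEONE
 set peer <SITE-ONE-PEER-IP>
 set transform-set ESP-3DES-SHA1
 match address 103
!
crypto map VPN-MAP 20 ipsec-isakmp
 description Tunnel SITETWO
 set peer <SITE-TWO-PEER-IP>
 set transform-set SITETWO
 match address 104
!
! Bind the single map to the WAN interface. This replaces whichever
! of SITEONE / SITETWO is currently attached.
interface GigabitEthernet0/1
 crypto map VPN-MAP
!
! Once traffic has flowed to both sites, remove the old per-site maps.
no crypto map SITEONE
no crypto map SITETWO
!
! Checks from exec mode:
!   show crypto map           (both entries listed under VPN-MAP, bound to Gi0/1)
!   show crypto isakmp sa     (one SA per peer)
!   show crypto ipsec sa      (encaps/decaps counters rising for both peers)
```

ACLs 103 and 104 must not overlap, because traffic is matched against the lowest sequence entry first and the first match decides which peer receives it.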