12-08-2020 09:06 AM
Dears,
I have HQ and DR, with some subnets in HQ and others in DR.
If I configure two peers, HQ and DR, under the crypto map, will it initiate tunnels to both HQ and DR, or will the crypto map prefer the first peer only?
Also, how do I solve this? I want to create two tunnels, to HQ and DR: if the branch wants to talk to a DR subnet it goes through the DR tunnel, and if the branch wants to talk to an HQ subnet it goes through the HQ tunnel.
12-08-2020 09:45 AM
Hello,
What are we dealing with, a DMVPN?
12-08-2020 09:58 AM
No, we just need to have a P2P encrypted tunnel.
12-08-2020 10:10 AM
!
crypto isakmp policy 10
 encryption 3des
 authentication pre-share
 group 2
crypto isakmp key HollyMaya address 201.99.24.2
crypto ipsec transform-set esp-aes esp-aes esp-sha-hmac
 mode tunnel
crypto map HollyMayaMap 10 ipsec-isakmp
 ! HQ
 set peer 201.99.24.2
 ! DR, I need to add this second peer IP
 set peer 201.99.24.5
 set transform-set esp-aes
 match address 100
interface Ethernet0/0
 crypto map HollyMayaMap
12-08-2020 12:56 PM
Hello,
Add the 'default' keyword to the first peer; that will make it the preferred peer:
crypto isakmp policy 10
 encryption 3des
 authentication pre-share
 group 2
crypto isakmp key HollyMaya address 201.99.24.2
crypto ipsec transform-set esp-aes esp-aes esp-sha-hmac
 mode tunnel
crypto map HollyMayaMap 10 ipsec-isakmp
 set peer 201.99.24.2 default
 set peer 201.99.24.5
 set transform-set esp-aes
 match address 100
interface Ethernet0/0
 crypto map HollyMayaMap
If you want certain traffic to go through the other peer, create a new tunnel and a crypto map that matches the desired traffic flow.
12-08-2020 01:04 PM
Could I have an example of certain traffic going through the second peer with a new tunnel?
12-08-2020 12:32 PM - edited 12-08-2020 01:45 PM
It prefers the first one; if it fails, it will choose the second one.
The other solution is:
Configure two tunnels that share the same tunnel source but have different tunnel destinations, and configure the IPsec profile with the share keyword on both tunnels.
This IPsec over tunnel is route-based, so any route through tunnel one will be protected and pass through this tunnel.
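One way to get a separate tunnel per site with the policy-based crypto map from this thread, as an added example that was not posted by any participant: a second crypto map sequence with its own peer and its own ACL. The subnets, the ACL numbers 101 and 102, and the key placeholders are assumptions; the ISAKMP policy and the transform-set are taken to be already configured as shown earlier in the thread.

```cisco
! Added example, not from the original posts.
! Constructed placeholder subnets:
!   Branch LAN 10.10.0.0/24, HQ LAN 10.1.0.0/16, DR LAN 10.2.0.0/16
! <PSK-HQ> and <PSK-DR> are placeholders for the pre-shared keys.
!
! Each peer needs its own pre-shared key entry, otherwise IKE
! authentication to the second peer fails.
crypto isakmp key <PSK-HQ> address 201.99.24.2
crypto isakmp key <PSK-DR> address 201.99.24.5
!
! One ACL per site. The two ACLs must not overlap, because the first
! crypto map sequence whose ACL matches a packet decides the peer.
access-list 101 permit ip 10.10.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 102 permit ip 10.10.0.0 0.0.0.255 10.2.0.0 0.0.255.255
!
! Sequence 10: branch to HQ subnets, tunnel terminates on the HQ peer
crypto map HollyMayaMap 10 ipsec-isakmp
 set peer 201.99.24.2
 set transform-set esp-aes
 match address 101
!
! Sequence 20: branch to DR subnets, tunnel terminates on the DR peer
crypto map HollyMayaMap 20 ipsec-isakmp
 set peer 201.99.24.5
 set transform-set esp-aes
 match address 102
!
! An interface takes a single crypto map; both sequences live in it.
interface Ethernet0/0
 crypto map HollyMayaMap
!
! HQ and DR each need the mirror-image ACL (their LAN as source,
! 10.10.0.0/24 as destination) so the proxy identities match.
! Verify with: show crypto isakmp sa / show crypto ipsec sa
```

With this layout both tunnels can be up at the same time, and each is negotiated only when traffic matching its ACL appears.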