cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
900
Views
5
Helpful
6
Replies

More than one Site to Site VPN

engahmedfakhry
Level 1
Level 1

hello guys , i wanna know if it is possible to make more than one Site to Site VPN tunnel using the same serial interface and different destinations ...

6 Replies 6

shailesh.h
Level 1
Level 1

Yes, What exactly you want to achieve?

First of all , thanks for your answer

I have a site to site tunnel from point A to point B , and i need to add another tunnel from point A to Point C using the same serial interface at Point A

My response and your follow up post were very close in time and I am not sure that you had seen my response when you sent your post. Was my response sufficient, or do you still have questions.

HTH

Rick

HTH

Rick

Dear Richard

Thanks for your response , my first post was regarding the answer written by shaliesh

Let me make it clear ..

As far as i know ,, To make a VPN Site to Site you have to follow this steps

1. Configure the ISAKMP Policy

2. Configure the IPSEC Transform set

3. Configure the Crypto ACL

4.Configure the Crypto map

5.Apply the crypto map to the interface

6.configure the Firewall ACL

and i have did this for the first tunnel and it is working properly ,,,

what i was going to do is that to repeat all those steps wiht different Policy , Transform set and Crypto map also ..

but i am not sure if this is goign to work ?????

Going through all those steps and creating a new crypto map will not work.

Depending on the requirements of the second destination it is likely that the same ISAKMP policy and same IPSEC transform set can be used for both connections. (or if the second destination requires a different ISAKMP policy or requires a different transform set, then you would configure additional ones as required).

You would need to configure an additional crypto ACL and you would apply that ACL in the second instance of the crypto map.

You do not create a separate crypto map but you create another instance (another destination - as I show in my previous response). And since it is the same crypto map there is no change in configuration of the serial interface. (and if you experiment with it you will find that the serial interface can have only 1 crypto map applied to it)

There may be changes in the firewall configuration to permit this new destination.

HTH

Rick

Richard Burts
Hall of Fame
Hall of Fame

Yes it is possible to have multiple site to site tunnels and all use the same serial interface for the outbound connection. To accomplish this you would configure a single crypto map with multiple instances. It might look something like this:

crypto map testmap 10 ipsec-isakmp
set peer x.x.x.x

other set statements

crypto map testmap 20 ipsec-isakmp
set peer y.y.y.y

other set statements

interface serial1

crypto map testmap

HTH

Rick

HTH

Rick
Review Cisco Networking for a $25 gift card