ipsec-vpn

sunil-koul · ‎10-03-2012

Please suggest

I have 1 interface FastEthernet0/1 which has public ip and connected to 2mb internet link.I want to create multiple vpn sessions with different peers having public ips.so I am creating multiple crypto maps with seq number and applying it to fasthernet0/1.please see below.

first defining policy

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

then defining

crypto isakmp key

then crypto ipsec transform-set

and then

crypto map name seq no ipsec-isakmp

match the access-list

set the group

and finally apply crypto map to fastethernet0/1

will it create multiple sessions with different peers?

Also need to knw in which cases we need to create interface tunnels

please respond

cadet alain · ‎10-03-2012

Hi,

you must set the peer address in the crypto map. The other way of doing IPSeC VPN is with VTI( tunnel interface) but the other end must support it as there is no more crypto ACL but all traffic routed through the tunnel is going through the VPN.

Regards.

Alain

Don't forget to rate helpful posts.

sunil-koul · ‎10-04-2012

thanks.please explain little bit about the interface tunnel with an example

cadet alain · ‎10-04-2012

Hi,

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html

Regards.

Alain

Don't forget to rate helpful posts.