Hi All,
I am trying to get a 2811 to accept two IPSec peers however can only get one working at a time.
I have setup fa0/0 and fa0/1 with their own public facing IP addresses with crypto maps associated to each interface however can only establish connectivity to one interface at any one time. I suspect i need to implement route maps however am not 100% on this and would like some advice.
Relevent configuration below:
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key password address x.x.x.x
crypto isakmp key password address y.y.y.y
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto map Crypto-Map-01 101 ipsec-isakmp
set peer x.x.x.x
set transform-set ESP-3DES-MD5
set pfs group2
match address 101
!
crypto map Crypto-Map-02 102 ipsec-isakmp
set peer y.y.y.y
set transform-set ESP-3DES-MD5
set pfs group2
match address 102
!
!
!
interface FastEthernet0/0
ip address a.a.a.a 255.255.255.0
duplex auto
speed auto
crypto map Clec-Crypto-Map-01
!
interface FastEthernet0/1
ip address b.b.b.b 255.255.255.0
duplex auto
speed auto
crypto map Knox-Crypto-Map-02
!
ip route 0.0.0.0 0.0.0.0 a.a.a.a
ip route 0.0.0.0 0.0.0.0 b.b.b.b