
IPSec Profile

MrBeginner
Spotlight

Dear All,

Let me know which one is the best practice of the below two types of configuration for IPSec profile.

I saw this message (Each policy has a unique priority number assigned to it. The peers must share at least one common policy to allow for successful secure communication.) in a Cisco ebook. Does that mean I need to use a unique policy for all tunnels (DMVPN, PtP)? Does that mean for the remote site?

crypto ikev2 policy IPSec 
proposal proposal
!

crypto ikev2 profile profile
description IKEv2 profile
match certificate CERT-MAP
identity local dn 
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint my-ca

OR

crypto ikev2 policy IPSec 

match address local x.x.x.x
proposal proposal

crypto ikev2 profile profile
description IKEv2 profile
match identity remote address x.x.x.x
identity local address x.x.x.x

authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint my-ca

18 Replies

Hi,
Where you have multiple WAN.

Regards,
Deepak Kumar

Hi,

Please see my config and let me know how to use loopback in HUB site only? When I remove the IPSec profile, DMVPN works properly. I got an error in the IPSec profile.

 

Hi,

Please see my diagram for the hub site. Multiple WAN is the hub router.

You need a loopback wherever you have multiple WANs.

 
