02-19-2019 06:29 PM - edited 02-21-2020 09:34 PM
Dear All,
Please let me know which of the two configurations below is the best practice for an IPSec profile.
I saw this message in a Cisco ebook: "Each policy has a unique priority number assigned to it. The peers must share at least one common policy to allow for successful secure communication." Does that mean I need to use a unique policy for all tunnels (DMVPN, PtP)? Does that mean for the remote site?
crypto ikev2 policy IPSec
 proposal proposal
!
crypto ikev2 profile profile
 description IKEv2 profile
 match certificate CERT-MAP
 identity local dn
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint my-ca
OR
crypto ikev2 policy IPSec
 match address local x.x.x.x
 proposal proposal
crypto ikev2 profile profile
 description IKEv2 profile
 match identity remote address x.x.x.x
 identity local address x.x.x.x
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint my-ca
02-20-2019 12:24 AM - edited 02-20-2019 12:46 AM
Hi,
Where you have multiple WAN.
Regards,
Deepak Kumar
02-20-2019 01:00 AM
Hi,
Please see my config and let me know now to use loopback in HUB site only? When I remove the IPSec profile, DMVPN works properly. I got an error in the IPSec profile.
02-20-2019 01:14 AM
02-20-2019 12:42 AM
You need a loopback wherever you have multiple WANs.
***** please remember to rate useful posts