many vpn site-to-site tunnels between the same routers

Hi,

The title should be:

many VPN site-to-site tunnels between the same routers, or many subnets over one VPN tunnel :-)

I have to configure a tunnel/tunnels between a Cisco ISR 1941 and a FortiGate.

On the Cisco side I have three /24 subnets; on the Forti side I have five /24 subnets.

The goal is connectivity between every subnet.

My first approach was:

one Phase 1 (crypto isakmp policy, pre-shared key, peer, etc.)

and

one Phase 2 (one crypto map, match address with one ACL permitting traffic from any subnet on one side to any subnet on the other side, e.g.:

ip access-list extended VPN
 10 permit ip 10.0.0.0 0.0.0.255 10.0.4.0 0.0.0.255
 20 permit ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
 30 permit ip 10.0.2.0 0.0.0.255 10.0.4.0 0.0.0.255
 40 permit ip 10.0.0.0 0.0.0.255 10.0.5.0 0.0.0.255
 ...etc.

one transform-set, etc.

But this does not work.

My second approach was one Phase 1 and many crypto map sequences, one for every network connection:

crypto map CMAP 10 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set security-association lifetime seconds 36400
 set transform-set TS
 set pfs group5
 match address VPN-1

crypto map CMAP 20 ipsec-isakmp
 set peer xxx.xxx.xxx.xx
 set security-association lifetime seconds 36400
 set transform-set TS
 set pfs group5
 match address VPN-2

crypto map SDIMAP 30 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set security-association lifetime seconds 36400
 set transform-set TS
 set pfs group5
 match address VPN-3

where VPN-1 is, for example:

ip access-list extended VPN-1
 10 permit ip 10.0.0.0 0.0.0.255 10.0.4.0 0.0.0.255

ip access-list extended VPN-2
 10 permit ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255

etc.

but this does not work either.

Does anyone know how to solve my problem?
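A small checker for the crypto ACL approach described in the post above, added here as an example and not part of the original question or of any vendor tool. With a policy-based IPsec tunnel, every ACE in the crypto ACL becomes one pair of Phase 2 selectors (proxy IDs), and the peer must present the mirror image of each pair (its source is our destination and vice versa), so two things are worth verifying before touching the routers: that the ACL actually covers every local/remote subnet pair the goal requires, and what the mirrored selector list on the FortiGate side has to look like. The script parses IOS-style `permit ip A wildcard B wildcard` lines into networks, reports the subnet pairs with no matching ACE, lists the mirrored selectors, and flags ACEs whose selectors overlap each other (a common source of ambiguous SA negotiation). The three Cisco-side subnets and 10.0.4.0/24 and 10.0.5.0/24 come from the post; the remaining three FortiGate-side subnets are assumed, and the ACL is the post's deliberately incomplete one.

```python
import ipaddress
from itertools import combinations, product

# Constructed sample data. The three Cisco-side /24s and the first two
# FortiGate-side /24s appear in the post; 10.0.6-8.0/24 are assumed here.
CISCO_SIDE = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]
FORTI_SIDE = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24", "10.0.7.0/24", "10.0.8.0/24"]

# The post's crypto ACL, copied as far as it goes (the "...etc" is left out).
CRYPTO_ACL = """
10 permit ip 10.0.0.0 0.0.0.255 10.0.4.0 0.0.0.255
20 permit ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
30 permit ip 10.0.2.0 0.0.0.255 10.0.4.0 0.0.0.255
40 permit ip 10.0.0.0 0.0.0.255 10.0.5.0 0.0.0.255
"""


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Convert an IOS address/wildcard pair into a network.
    The wildcard is the bitwise inverse of the subnet mask (0.0.0.255 -> /24)."""
    all_ones = int(ipaddress.IPv4Address("255.255.255.255"))
    mask = ipaddress.IPv4Address(all_ones ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)


def parse_crypto_acl(text: str):
    """Return [(src_net, dst_net), ...] from 'permit ip A WC B WC' lines.
    An optional leading sequence number is accepted and ignored."""
    pairs = []
    for line in text.strip().splitlines():
        fields = line.split()
        if fields and fields[0].isdigit():
            fields = fields[1:]
        if fields[:2] != ["permit", "ip"] or len(fields) != 6:
            raise ValueError(f"unsupported ACE: {line!r}")
        pairs.append((wildcard_to_network(fields[2], fields[3]),
                      wildcard_to_network(fields[4], fields[5])))
    return pairs


def missing_pairs(acl_pairs, local_subnets, remote_subnets):
    """Local/remote subnet pairs with no ACE covering them, as (src, dst) strings.
    subnet_of() is used so a wider ACE (e.g. a /22) still counts as coverage."""
    required = [(ipaddress.IPv4Network(l), ipaddress.IPv4Network(r))
                for l, r in product(local_subnets, remote_subnets)]
    return [(str(l), str(r)) for l, r in required
            if not any(l.subnet_of(s) and r.subnet_of(d) for s, d in acl_pairs)]


def mirrored_selectors(acl_pairs):
    """Phase 2 selectors the remote peer must configure: src/dst swapped per ACE."""
    return [(str(d), str(s)) for s, d in acl_pairs]


def overlapping_aces(acl_pairs):
    """Index pairs of ACEs whose source AND destination selectors overlap."""
    return [(i, j) for (i, a), (j, b) in combinations(enumerate(acl_pairs), 2)
            if a[0].overlaps(b[0]) and a[1].overlaps(b[1])]


if __name__ == "__main__":
    acl = parse_crypto_acl(CRYPTO_ACL)
    print(f"{len(acl)} ACEs parsed")
    for src, dst in missing_pairs(acl, CISCO_SIDE, FORTI_SIDE):
        print(f"no ACE for {src} -> {dst}")
    print("FortiGate-side selectors (local -> remote):")
    for src, dst in mirrored_selectors(acl):
        print(f"  {src} -> {dst}")
    for i, j in overlapping_aces(acl):
        print(f"ACE {i} overlaps ACE {j}")
```

Run as-is it reports the 11 subnet pairs the four ACEs leave uncovered (the post's "...etc" has to supply them) and the four mirrored selectors the FortiGate Phase 2 would need for the entries that are present. Feeding it the full ACL before applying it to the router is a cheap way to confirm that both ends agree selector for selector, which is what policy-based IPsec requires for each SA to come up.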
