cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
631
Views
0
Helpful
4
Replies

ASA to IOS and IOS to IOS on the same hub interface

jgoss0002
Level 1
Level 1

I need to terminate both GRE tunnels from cisco routers and ipsec tunnels from ASAs onto the same interface on a 2911. Can someone please tell me how to accomplish this?

4 Replies 4

Kamal Malhotra
Cisco Employee
Cisco Employee

Is the GRE tunnel with IPSEC or without IPSEC? If with IPSEC, then all you need is a crypto map with different sequence numbers, one for your GRE/IPSEC tunnel and the other for the IPSEC tunnel. The crypto map is going to be bound with the interface in question.

 

Please let me know if you have further query about it.

 

Currently. I am using DMVPN and trying to add ipsec tunnels for the ASAs. I am open to changing my design if there is a better model. When I add a crypto map to my current interface it takes down the dmvpn. 

Would you be able to share the config and the configu you are adding? You may hide sensitive information. If you choose to hide, please replace the real IP address with whatever IPs but please keep the change consistent. E.G : If you change 10.1.1.1 with 192.168.1.1, please make sure 192.168.1.1 shows up instead of 10.1.1.1 at every point.

thanks for the reply. I have been sidetracked. This vpn is working but I need to ad an ASA to it. Here is the pertinent config

 

crypto keyring 123KEY vrf 123vpn
pre-shared-key address 2.2.2.2 key 123456
!
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
!
!
crypto ipsec transform-set 123SET esp-aes esp-sha-hmac
mode tunnel
!
!
crypto ipsec profile 123Profile
set transform-set 123SET
!
!
interface Tunnel200
ip address 10.1.2.3 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 10200
tunnel source GigabitEthernet0/2
tunnel mode gre multipoint
tunnel vrf 123vpn
tunnel protection ipsec profile 123Profile
!
!
interface GigabitEthernet0/2
ip vrf forwarding 123vpn
ip address 1.1.1.1 255.255.255.248
duplex auto
speed auto