cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
458
Views
0
Helpful
1
Replies

Change VPN IPSEC static-static to static-dynamic

DucTranHong5512
Beginner
Beginner

Hi, i have VPN site-to-site ipsec and have static all both site. It's worked. Now i add 1 site to VPN, so i must change to static-dynamic. But my vpn between 2 old site cant work, i just only change config in hub site.

 

 

##hub

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key cisco123 address 0.0.0.0 //new config is red text

!

!

crypto ipsec transform-set TS esp-3des esp-md5-hmac

mode tunnel

!

!

crypto dynamic-map hq-vpn 10

set security-association lifetime seconds 86400

set transform-set TS

match address VPNTRAFFIC

!

!

crypto map VPN-DYNAMIC 10 ipsec-isakmp dynamic hq-vpn

!

crypto map cmap 10 ipsec-isakmp

set peer <peer ip public>

set security-association lifetime seconds 86400

set transform-set TS

match address VPNTRAFFIC

!

!

interface Dialer1

 crypto map VPN-DYNAMIC !

 

 

 

##Spoke

 

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key cisco123 address <peer public ip>

!

!

crypto ipsec transform-set TS esp-3des esp-md5-hmac

mode tunnel

!

!

!

crypto map cmap 10 ipsec-isakmp

set peer <peer public ip>

set security-association lifetime seconds 86400

set transform-set TS

match address VPNTRAFFIC

 
 
 
 
 
Thanks so much!
1 Reply 1

Rob Ingram
VIP Expert VIP Expert
VIP Expert

Hi,

Here is a guide to implement Dynamic Crypto map, check out the crypto dynamic-map section which is configured differently to yours. Alternatively you could consider implementing a Dynamic VTI (DVTI) solution such as FlexVPN or DMVPN.


HTH

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers