Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
888
Views
0
Helpful
4
Replies

Cisco router -multiple tunnels can i setup multiple isakmp identities?

Go to solution
Brett Martin
Level 1
Level 1

‎03-02-2017 05:43 PM

Hello, I have a cisco 2811 and have setup 2 ipsec tunnels. My router is behind a firewall with 1-1 NAT. I can get one tunnel working as long as IKE peer id is the interface IP address. The second tunnel will only work if i set the crypto isakmp identity to hostname, and it works. I can only have one work at a time. The tunnel is souced on the same physical interface.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to Brett Martin

‎03-02-2017 06:21 PM

Both ipv4 and ipv6. If ipv6 is required as identity, you would have to use "address ipv6".

You would have to use the "set isakmp-profile <profilename>" under the crypto map to link them to the tunnel. An example for this is given here:

https://supportforums.cisco.com/document/11935411/site-site-between-cisco-ios-router-using-isakmp-profile-and-certificate

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎03-02-2017 06:04 PM

I believe this is possible. You would have to use the "self-identity" command under an isakmp profile (one for each peer) and tie that profile into a crypto map entry. You would have to have the right condition to match the peer to the correct isakmp profile. Command info is here:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s1.html#wp2948613298

0 Helpful

Go to solution
Brett Martin
Level 1
Level 1
In response to Rahul Govindan

‎03-02-2017 06:12 PM

Hi Rahul,

Thank you for your response! Is this command only available for ipv6 and not ipv4? Is the ipv6 command just to allow you to specify ipv6 if desired?.

Additionally, howdo I link this to my tunnel?

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni
In response to Brett Martin

‎03-02-2017 06:21 PM

Both ipv4 and ipv6. If ipv6 is required as identity, you would have to use "address ipv6".

You would have to use the "set isakmp-profile <profilename>" under the crypto map to link them to the tunnel. An example for this is given here:

https://supportforums.cisco.com/document/11935411/site-site-between-cisco-ios-router-using-isakmp-profile-and-certificate

0 Helpful

Go to solution
Brett Martin
Level 1
Level 1
In response to Rahul Govindan

‎03-03-2017 05:28 AM

Thank you very much Rahul--that worked!!

0 Helpful
Customers Also Viewed These Support Documents
Top