Re: Configuring a 3-site VPN

markschmitt531555134 · ‎04-28-2021

Mornin'

A co-worker told me that when you configure a 3-site VPN, HostA, HostB, HostC, for example, you have to shutdown the interface of the 3rd FW when configuring the other 2, is that correct? Or, am I supposed to shutdown the ISP hub router interface to the 3rd network? For example, when you configure the crypto ikev1 policy, network objects and access lists for the HostA and HostB VPN tunnel-group, the outside interface of HostC should be shut down when you're doing it. Just trying to trouble shoot. Thanks!

Rob Ingram · ‎04-28-2021

@markschmitt531555134

You don't say which hardware you are using, but I assume you are using ASA firewalls?

No you don't need to shutdown the remote interface when configuring other firewalls. You can configure the firewalls with the commands and once complete just generate interesting traffic in order to establish the VPN tunnel. However, if you wish, when you configure the firewall just leave the command "crypto map <crypto map name> interface <interface name>" to last once the other commands have been defined to enable the VPN on the outside interface.

balaji.bandi · ‎04-28-2021

Technically not required, but still the basic information is missing here, what we understand, In the Router you have 3 tunneles VTI ?

Give us more information and configuration, what is the issue ?

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎04-28-2021

we need more info.