
configuring two site to site vpns on a single router (isakmp)

gil
Level 1

Hi all,

This is my first post in the forum; I hope you can all help me in troubleshooting my issues.

I have to configure a site-to-site VPN from HO to a branch office. I got it working with the help of the video below:

http://www.youtube.com/watch?feature=endscreen&NR=1&v=WKfVvPZL1W4

Now my requirement is that we have another branch coming up. If so, what should I do? Do I need to create a new pre-share key, transform-set, etc., or do I simply need to configure the new branch as I did the first branch and add this IP route on the HO router?

Please help me.

Thank you very much in advance.

1 Reply

guibarati
Level 4

If you will use the same interface to reach the new branch, you need to populate the same crypto map but with a higher number.

So if you used:

crypto map mymap 10 set transform...

crypto map mymap 10 set peer....

crypto map mymap 10 match....

Now you need to do:

crypto map mymap 20 set transform...

crypto map mymap 20 set peer....

crypto map mymap 20 match....

The transform set can be the same.

The peer will be different. So you need to set a new (or the same) key for the new peer: crypto isakmp key "key" address "new address"

And the "match" has to use a different access-list. This access list will specify the local and remote network. The new remote network has to be different from the first one, so the crypto map will try to match it against the list used on crypto 10, will not match, and will move to crypto 20 -> Match. Then it will use the peer and transform set configured on crypto 20.

This is the basic explanation.

Rate the post if it helped you.
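The steps from the reply above, assembled into one HO-router configuration. This is an added example, not part of the original posts: the addresses (documentation and private ranges), ACL numbers 101/102, the transform-set name MYSET and its algorithms, the interface name and the key placeholders are all assumptions to be replaced with your own values.

```cisco
! --- Constructed example values ---
! HO LAN        10.0.0.0/24
! Branch 1 LAN  10.1.0.0/24   peer 198.51.100.2  (existing tunnel)
! Branch 2 LAN  10.2.0.0/24   peer 203.0.113.2   (new tunnel)

! One pre-shared key line per peer. The key may be the same, but a
! distinct key per peer means one branch's key does not unlock the other.
crypto isakmp key <KEY-BRANCH1> address 198.51.100.2
crypto isakmp key <KEY-BRANCH2> address 203.0.113.2

! The transform set is shared by both crypto map entries.
crypto ipsec transform-set MYSET esp-aes 256 esp-sha256-hmac

! One ACL per tunnel: HO LAN -> that branch's LAN only.
! Keep these non-overlapping. Entries are checked in sequence order,
! so if ACL 101 also covered 10.2.0.0/24, branch 2 traffic would match
! entry 10 and be sent to the branch 1 peer.
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255

! Existing entry for branch 1.
crypto map mymap 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set MYSET
 match address 101

! New entry for branch 2: same map name, higher sequence number.
crypto map mymap 20 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set MYSET
 match address 102

! The map is applied once to the outside interface; an interface
! holds a single crypto map, which is why both peers share "mymap".
interface GigabitEthernet0/0
 crypto map mymap
```

After applying it, `show crypto map` lists both entries with their peers and ACLs, and `show crypto ipsec sa` should show a separate SA pair per branch once traffic flows.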