01-16-2019 08:15 AM - edited 02-21-2020 09:32 PM
I have 2 separate routers & tunnels I was looking to combine, but I am not familiar enough whether these are combatible to put on a single router. One uses GRE and crypto-map applied to the outside interface, the other uses crypto-ipsec profile applied to the tunnel interface.
Are these two methods compatible on a single router? In my test it failed, but I did not look too much further as I had assumed that the problem was the 1st tunnel's crypto-map applied to the outside interface would intercept traffic to tunnel 2.
Is this worth trying to find a work around, or are these two distinctly incompatible? I had assumed both would look at the source & destination to determine which policy to apply, but my test was not successful.
Tunnel #1 | Tunnel #2 |
crypto isakmp policy 1 encr aes authentication pre-share group 2 ! crypto ipsec transform-set T1 esp-aes 256 esp-sha-hmac mode transport ! crypto isakmp key ****** address 6*.23.**.5 ! crypto map TUN0-MAP 10 ipsec-isakmp set peer 6*.23.**.5 set transform-set T1 match address 150 ! interface Tunnel0 ip address 1.1.1.2 255.255.255.252 tunnel source 10.5.1.55 tunnel destination 6*.23.**.5 ! interface FastEthernet4 ip address 10.5.1.55 255.255.255.0 crypto map TUN0-MAP ! access-list 150 permit gre host 10.5.1.55 host 6*.23.**.5 |
crypto isakmp policy 2 router bgp 2***1
|
01-16-2019 10:13 AM
01-16-2019 01:18 PM
Thanks RJI,
I took a second look and it turns out the vendor had provided a document with an example VTI config. But their example had not included the isakmp profile configuration which is what I was missing. I had instead included the old format isakmp + key + format . So I had tried to build the tunnel with only the example they provided, and of course it failed. I had only previous experience with crypto-maps, this was my first ipsec tunnel profile.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide