Can we have different crypto maps to different interfaces as per config below?
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000 crypto map map1 20 match address site1l2l crypto map map1 20 set peer x1.x1.x1.x1 crypto map map1 20 set transform-set SET1 crypto map map1 interface outside
crypto isakmp policy 20 authentication pre-share encryption 3des hash md5 group 2 lifetime 28800
tunnel-group x1.x1.x1.x1 type ipsec-l2l tunnel-group x1.x1.x1.x1 ipsec-attributes pre-shared-key *****
crypto ipsec transform-set SET2 esp-3des esp-md5-hmac
crypto map map2 30 match address site2l2l crypto map map2 30 set peer x2.x2.x2.x2 crypto map map2 30 set transform-set SET2
crypto map map2 interface perim
crypto isakmp policy 30 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400
tunnel-group x2.x2.x2.x2 type ipsec-l2l tunnel-group x2.x2.x2.x2 ipsec-attributes pre-shared-key *****
Yes, this is definitely a supported config. This is commonly used for backup ISP VPN connection.
Thank-you for confirming.
Thanks for this information, it is really help me to understand the behavior using crypto map in different interfaces (outside) with policy-based ikev2 l2l vpn, when you are not using routed based vpn.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: