cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
862
Views
10
Helpful
3
Replies

Crypto maps to different interfaces

pokwan
Beginner
Beginner

Hi,

Can we have different crypto maps to different interfaces as per config below?

crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000
crypto map map1 20 match address site1l2l
crypto map map1 20 set peer x1.x1.x1.x1
crypto map map1 20 set transform-set SET1
crypto map map1 interface outside

crypto isakmp policy 20
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 28800

tunnel-group x1.x1.x1.x1 type ipsec-l2l
tunnel-group x1.x1.x1.x1 ipsec-attributes
pre-shared-key *****

crypto ipsec transform-set SET2 esp-3des esp-md5-hmac

crypto map map2 30 match address site2l2l
crypto map map2 30 set peer x2.x2.x2.x2
crypto map map2 30 set transform-set SET2

crypto map map2 interface perim

crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400

tunnel-group x2.x2.x2.x2 type ipsec-l2l
tunnel-group x2.x2.x2.x2 ipsec-attributes
pre-shared-key *****

Thanks.

PF

3 Replies 3

Rahul Govindan
Advocate
Advocate

Yes, this is definitely a supported config. This is commonly used for backup ISP VPN connection.

Rahul,

Thank-you for confirming.

PF

bonesquall01
Beginner
Beginner

Thanks for this information, it is really help me to understand the behavior using crypto map in different interfaces (outside) with policy-based ikev2 l2l vpn, when you are not using routed based vpn.

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers