
Dual WAN VPN solution

dylan.chidgey1
Level 1

Hi All,

I am trying to get a 2811 to accept two IPSec peers; however, I can only get one working at a time.

I have set up fa0/0 and fa0/1 with their own public-facing IP addresses, with crypto maps associated to each interface; however, I can only establish connectivity to one interface at any one time. I suspect I need to implement route maps; however, I am not 100% on this and would like some advice.

Relevant configuration below:

crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key password address x.x.x.x
crypto isakmp key password address y.y.y.y
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto map Crypto-Map-01 101 ipsec-isakmp
 set peer x.x.x.x
 set transform-set ESP-3DES-MD5
 set pfs group2
 match address 101
!
crypto map Crypto-Map-02 102 ipsec-isakmp
 set peer y.y.y.y
 set transform-set ESP-3DES-MD5
 set pfs group2
 match address 102
!
!
!
interface FastEthernet0/0
 ip address a.a.a.a 255.255.255.0
 duplex auto
 speed auto
 crypto map Clec-Crypto-Map-01
!
interface FastEthernet0/1
 ip address b.b.b.b 255.255.255.0
 duplex auto
 speed auto
 crypto map Knox-Crypto-Map-02
!
ip route 0.0.0.0 0.0.0.0 a.a.a.a
ip route 0.0.0.0 0.0.0.0 b.b.b.b

1 Reply

Jeff Van Houten
Level 5

Your default routes imply load balancing.

Also why separate external addresses? Keep it simple with one external interface and multiple tunnel end points.

Sent from Cisco Technical Support iPad App
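
The layout suggested in the reply (one external interface, multiple tunnel endpoints), sketched as an added example that is not part of either post: both peers become sequence entries of a single crypto map applied to one interface, with one default route. The map name `Crypto-Map-WAN` and the `<next-hop>` placeholder are assumptions; the ISAKMP policy, transform set, peers and ACL numbers are carried over unchanged from the question, and ACLs 101 and 102 are assumed to be defined as in the original configuration.

```cisco
! Constructed example: one crypto map, two sequence entries, one outside interface.
! "Crypto-Map-WAN" and <next-hop> are placeholders, not values from the post.
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key password address x.x.x.x
crypto isakmp key password address y.y.y.y
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
! Sequence 101: first peer, interesting traffic selected by ACL 101
crypto map Crypto-Map-WAN 101 ipsec-isakmp
 set peer x.x.x.x
 set transform-set ESP-3DES-MD5
 set pfs group2
 match address 101
!
! Sequence 102: second peer in the same map, selected by ACL 102
crypto map Crypto-Map-WAN 102 ipsec-isakmp
 set peer y.y.y.y
 set transform-set ESP-3DES-MD5
 set pfs group2
 match address 102
!
! Only one crypto map can be applied per interface, so both peers share it
interface FastEthernet0/0
 ip address a.a.a.a 255.255.255.0
 duplex auto
 speed auto
 crypto map Crypto-Map-WAN
!
! Single default route, so traffic to both peers leaves via the crypto-mapped interface
ip route 0.0.0.0 0.0.0.0 <next-hop>
```

With this in place, `show crypto isakmp sa` and `show crypto ipsec sa` should list a security association for each peer once matching traffic has been sent.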