09-12-2011 12:47 PM - edited 02-21-2020 05:34 PM
Guys,
When it comes to creating a site to site VPN on Cisco IOS, I have a clear understanding of that from a 1-1 perspective. However, I now need to extend that site to site VPN to be more like a hub and spoke, 1 to many.
So basically for a 1 to 1 site mapping I would do something like below. I would appreciate some suggestions on how to extend this or redesign it to suit. Thanks
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key nik address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set mySet ah-md5-hmac
!
crypto map myMap 5 ipsec-isakmp
 set peer xx.0.0.2
 set transform-set mySet
 match address CW-VIC
interface FastEthernet0/0
 ip address xx.0.0.2 255.255.255.x
 duplex auto
 speed auto
 crypto map myMap
ip access-list extended VPN-TRAF
 permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
09-13-2011 12:43 PM
Guys,
I've figured this out.
For anyone else in the future having this issue:
While you cannot add more than one crypto map to the interface, you can add numbers at the end of the map.
!
! --- PEER 1
crypto map myMap 5 ipsec-isakmp
 set peer X0.0.0.2
 set transform-set mySet
 match address 100
access-list 100 permit ip 172.30.0.0 0.0.255.255 172.17.10.0 0.0.0.255
! --- PEER 2
crypto map myMap 20 ipsec-isakmp
 set peer Y0.0.0.2
 set transform-set mySet
 match address 102
access-list 102 permit ip 172.30.0.0 0.0.255.255 172.16.10.0 0.0.0.255
Hope this helps someone in the future
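An added example, not part of the thread: a small Python check that groups crypto map entries by map name and sequence number, as in the solution above, reports entries missing a peer, transform set or match ACL, and also flags the IKE/IPsec settings from the first post that are weak (MD5, DH group 2, wildcard pre-shared key, AH-only transform set). The sample config, its peers and key, and the finding texts are constructed for this example.

```python
import re

# Constructed sample: the thread's settings with documentation-range peers.
SAMPLE = """\
crypto isakmp policy 10
 hash md5
 group 2
crypto isakmp key EXAMPLE-KEY address 0.0.0.0 0.0.0.0
crypto ipsec transform-set mySet ah-md5-hmac
crypto map myMap 5 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set mySet
 match address 100
crypto map myMap 20 ipsec-isakmp
 set peer 192.0.2.6
 set transform-set mySet
"""

WEAK = [  # (regex applied to the whole config, finding text)
    (r"^\s*hash md5\s*$", "isakmp: MD5 hash"),
    (r"^\s*group (1|2|5)\s*$", "isakmp: DH group below 14"),
    (r"^crypto isakmp key \S+ address 0\.0\.0\.0", "isakmp: pre-shared key accepted from any peer"),
    (r"^crypto ipsec transform-set \S+( (?!esp-)\S+)+\s*$", "ipsec: transform-set without ESP, traffic is not encrypted"),
]

def parse_crypto_maps(config):
    """Group entries as {map_name: {sequence: {"peer"|"transform-set"|"address": value}}}."""
    maps, entry = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        head = re.fullmatch(r"crypto map (\S+) (\d+) ipsec-isakmp", line)
        sub = re.fullmatch(r"(?:set|match) (peer|transform-set|address) (\S+)", line)
        if head:
            entry = maps.setdefault(head.group(1), {}).setdefault(int(head.group(2)), {})
        elif sub and entry is not None:
            entry[sub.group(1)] = sub.group(2)
        elif line != "!":
            entry = None  # any other command ends the current crypto map entry
    return maps

def audit(config):
    """Return findings: weak IKE/IPsec settings first, then incomplete map entries."""
    findings = [msg for rx, msg in WEAK if re.search(rx, config, re.M)]
    for name, entries in parse_crypto_maps(config).items():
        for seq, entry in sorted(entries.items()):
            missing = [k for k in ("peer", "transform-set", "address") if k not in entry]
            if missing:
                findings.append(f"{name} {seq}: missing {', '.join(missing)}")
    return findings
```

Calling `audit(SAMPLE)` returns the four weak-setting findings followed by `myMap 20: missing address`, since the second entry in the sample has no `match address` line.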
09-13-2011 12:54 PM
I am glad that you worked out a solution for your own problem. Sometimes these are the best lessons that we learn. Thank you for posting back to the forum that you had solved it and what the solution was. +5 to you for this.
HTH
Rick