02-19-2019 06:29 PM - edited 02-21-2020 09:34 PM
Dear All,
Please let me know which of the two configuration types below is the best practice for an IPSec profile.
I saw this message (Each policy has a unique priority number assigned to it. The peers must share at least one common policy to allow for successful secure communication.) in a Cisco ebook. Does that mean I need to use a unique policy for all tunnels (DMVPN, PtP)? Does that mean for the remote site?
crypto ikev2 policy IPSec
 proposal proposal
!
crypto ikev2 profile profile
 description IKEv2 profile
 match certificate CERT-MAP
 identity local dn
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint my-ca
OR
crypto ikev2 policy IPSec
 match address local x.x.x.x
 proposal proposal
crypto ikev2 profile profile
 description IKEv2 profile
 match identity remote address x.x.x.x
 identity local address x.x.x.x
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint my-ca
02-20-2019 12:24 AM - edited 02-20-2019 12:46 AM
Hi,
Where you have multiple WAN.
Regards,
Deepak Kumar
02-20-2019 01:00 AM
Hi,
Please see my config and let me know now to use loopback in HUB site only? I removed the IPSec profile and DMVPN works properly. I got an error in the IPSec profile.
02-20-2019 01:14 AM
02-20-2019 12:42 AM
You need loopback wherever you have multiple WANs.
***** please remember to rate useful posts