09-14-2016 07:12 AM - edited 02-21-2020 08:58 PM
Hi,
I'd like to set up a site-to-site VPN tunnel to 2 remote sites (A and B) to manage hosts in these networks.
We have multiple public IPs from our ISP, so we want to use one IP (a.a.a.a) for the tunnel to site A and the IP b.b.b.b for the tunnel to site B.
Our modem is operated in bridged mode and is connected to our router in the gigabitethernet8 interface. This interface gets the public IP a.a.a.a assigned via DHCP.
I (kind of) managed to set up a tunnel to site A, but the router does not even receive packets from site B. (maybe because the router B receives packets with source IP a.a.a.a but only accepts the peer b.b.b.b?)
Our router is the Cisco C898EA with IOS version 15.4(3)M1
If you need additional information, please feel free to ask, sorry if something crucial is missing.
Thanks in advance!
09-14-2016 08:47 AM
Hi Michael,
I see that you want Router 1 to connect to Site A & Site B with IP A.A.A.A for site A and with IP B.B.B.B for site B. First of all, I would like to understand why you want the two tunnels to end on two different IP addresses even though they are being configured on the same device. The rule here is that you can have one crypto map per interface. This setup is not going to work if you want both tunnels to end on the same device (same interface) with different IP addresses. You can configure another IP address on another interface and land the second tunnel on that interface. Please remember that you will have to do manual routing for that as well, so that the traffic coming in on the secondary interface responds through the same interface instead of the default interface. Also, you will have to specify routes for the subnets at site B so that the router is aware that it needs to route traffic through interface B to reach the subnets at site B.
Let me know if this helps.
Thanks,
Vishnu
(Please rate helpful posts)
09-19-2016 05:22 AM
Hi!
Thank you for sharing your useful knowledge, we managed to use only one WAN IP for both tunnels and it works now.
Thanks,
Michael List
11-21-2019 07:53 PM
Hi Michael Lang,
How did you manage to use only one WAN IP for both tunnels?
07-10-2020 03:04 AM
How?