
Is it possible to implement both VPN site to site with interface tunnel and crypto maps?

Lasandro Lopez
Level 1

Hi there!
I currently have a site-to-site VPN with another Cisco router with interface tunnels.

I have the following configuration:

interface Tunnel 22
 description :SITE-TO-SITE
 ip address 10.1.1.1 255.255.255.252
 tunnel source 1.1.1.1
 tunnel destination 1.1.1.2

Now I want to add some other sites with Mikrotik.

Which is the best way to proceed?

I'm planning to create an isakmp policy, a crypto transform set, a crypto map... and finally, to apply the crypto map to the outside interface, that is fa0/0:

R1(config)#int fa 0/0
R1(config-if)#crypto map VPN_MAP

Will it work? Or will it destroy the actual site-to-site that I have with Tunnel 22?

Regards!

4 Replies

Jeff Van Houten
Level 5

There can only be one crypto map statement installed on an interface. There can be multiple sites and policies attached to that one crypto map.

Sent from Cisco Technical Support iPad App

Hi Jeff!

But how do I implement VPN with multiple sites, when only one crypto map can be applied on an interface?

Hi Blau!

Could you please give some more details regarding your scenario... network topology and configuration?

Regards!

Hi,

Here is one site describing a setup where a single Crypto Map is used for L2L VPN and Client VPN (though in my opinion the Crypto Map name used in the configuration example could be misleading):

http://www.networklabs.info/2013/02/cisco-site-to-site-remote-access-vpn.html

The key thing with Cisco routers, as with ASAs, with such a setup is that you need to keep the "crypto map" statements so that the "crypto map" statement meant for the VPN Clients (dynamic sessions) is kept at the very bottom by having a high value in the section. I think the ASA defaults to using 65535 if you configure it through the VPN wizard. In the example the value used is 100, which would permit the user to use values between 1 - 99 for different L2L VPN configurations.

I can't personally comment on the current connection with the Tunnel interface. I barely configure VPNs with Cisco routers. Most is done with ASAs and Routers mostly have L2L VPN connections only with Crypto Map configurations.

- Jouni

blau grana
Level 7

Hi Lasandro,

A combination of VTIs and crypto map should work fine, I use this type of configuration all the time.

Best Regards

Please rate all helpful posts and close solved questions