Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
394
Views
0
Helpful
1
Replies

Is it possible?

netalpha200
Level 1
Level 1

‎09-29-2011 08:06 AM

Hi all,

I have one Cisco ISR 2921 with VPN module. I'd like to be able to use it in order to "virtualice" independent instances for ipsec tunneling.

What I need is something like Asa security contexts, but the problem with Asa contexts is that don't support Vpns. Any idea?

I'd like to use something like independent crypto maps, so if I need to take one down, or reconfigure, I need the others to keep working. It'll be for a production environment that must be up 99.9999

Thank you for reading...

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎09-30-2011 10:02 AM

Ricardo,

IOS supports VRF-aware IPsec (vrf lite), which would allow you to separate logically the traffic between different VRF instances.

You can configure separate crypto maps/VTIs on different interfaces.

But to be honest you cannot guarantee 6x9 one one device, assuming something like this is unreasonable.

Marcin

0 Helpful
Customers Also Viewed These Support Documents