11-22-2011 10:41 PM
Hi
On a Hub Router can we run two different crypto policy
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
My 2nd question : Do we need to apply 'Group 2' command in crypto isakmp policy for Dynamic IPSEC VPN ( Hub and spoke both are IOS routers )
I am planning to move a site-2-site vpn from ASA to IOS router.
ASA--------------------------------Router-spokeX (current working scenario )
ASA - static ip
Router - Dynamic IP
New Plan
Router-hub-----------------Router-spokeX
Router-hub - static Ip
Router-spokeX - Dynamic IP
Router-Hub already got 3 IPSEC tunnel running where all got static ip
thanks
ST
11-22-2011 11:35 PM
you can run as many you want but between sites VPN tunnel will be formed based on common policy .Suppose you have 10 remote sites running with diffrent policies and 10 policies you will have to configure on HUB as well.
11-23-2011 06:09 AM
Then I guess I got configuration issue for Dynamic IPSEC VPN
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide