I need to set up LAN-to-LAN VPNs between 3 routers. Each router has one interface on our public LAN and one int on a private 192.168 network.
I have successfully configured the first pair of routers, with an IPsec connection between R1 and R2. Trying to add a new IPsec connection between R2 and R3 has been a problem. It looks like I can only apply one crypto map on an interface.
When done, I need 3 IPsec connections, R1-R2, R2-R3 and R3-R1. What is the best way to do this? Do I need to use GRE tunnels and tunnel interfaces? Or is there a better way?
I would like to add some information to my post above.
The current working config uses IPsec without GRE. It works fine between 2 routers.
My problem is how to expand this to more than 2 routers. The traffic will only be IP unicast, there is no NAT involved and no dynamic routing. If I can avoid GRE, it'd be easier.
Sounds like you want 2 remote sites to talk to each other. That would be a fully meshed IPSEC connection. I also included Hub and Spoke if you want it. If you want to pass RPs or broadcasts across the IPSEC connection I would use GRE. If you are using unicast traffic I would use a non-GRE IPSEC solution.
hub and spoke
Thanks for the links. The doc on the fully meshed configuration answered my question.
I had initially created 2 crypto maps, and only one could be bound to the interface. The document indicated how to combine two tunnels within a single crypto map. Problem is resolved.
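
The resolution described in this thread, sketched as an added example that is not taken from any of the posts or from the linked document: R2 carries one crypto map with two sequence-numbered entries, one per peer, and that single map is bound to the public interface. The addresses (203.0.113.0/24 for the public LAN, 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 for the private networks), the names `MESH`, `TS`, `R2-TO-R1`, `R2-TO-R3`, the interface name and the algorithm choices are all assumptions, and the pre-shared keys are placeholders.

```cisco
! R2 (constructed example): one crypto map, two entries, one interface binding
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! A separate pre-shared key per peer limits exposure if one router is compromised
crypto isakmp key <PSK-R1-R2-PLACEHOLDER> address 203.0.113.1
crypto isakmp key <PSK-R2-R3-PLACEHOLDER> address 203.0.113.3
!
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! One ACL per tunnel; each must mirror the ACL configured on the far end
ip access-list extended R2-TO-R1
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended R2-TO-R3
 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
!
! Same map name, different sequence numbers: entry 10 is R1, entry 20 is R3
crypto map MESH 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address R2-TO-R1
crypto map MESH 20 ipsec-isakmp
 set peer 203.0.113.3
 set transform-set TS
 match address R2-TO-R3
!
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.0
 crypto map MESH
!
! No dynamic routing: static routes send remote private traffic out the
! crypto-mapped interface so it is matched against the entries above
ip route 192.168.1.0 255.255.255.0 203.0.113.1
ip route 192.168.3.0 255.255.255.0 203.0.113.3
```

R1 and R3 follow the same pattern with their own two entries; `show crypto map` and `show crypto ipsec sa` confirm that both entries are attached and that each tunnel's packet counters increase.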