02-13-2006 11:55 AM - edited 02-21-2020 02:15 PM
I need to set up LAN-to-LAN VPNs between 3 routers. Each router has one interface on our public LAN and one interface on a private 192.168 network.
I have successfully configured the first pair of routers, with an IPsec connection between R1 and R2. Trying to add a new IPsec connection between R2 and R3 has been a problem. It looks like I can only apply one crypto map on an interface.
When done, I need 3 IPsec connections, R1-R2, R2-R3 and R3-R1. What is the best way to do this? Do I need to use GRE tunnels and tunnel interfaces? Or is there a better way?
Thank you,
Remy
02-13-2006 12:47 PM
I would like to add some information to my post above.
The current working config uses IPsec without GRE. It works fine between 2 routers.
My problem is how to expand this to more than 2 routers. The traffic will only be IP unicast, there is no NAT involved and no dynamic routing. If I can avoid GRE, it'd be easier.
Thank you,
Remy
02-13-2006 01:29 PM
Sounds like you want 2 remote sites to talk to each other. That would be a fully meshed IPSEC connection. I also included Hub and Spoke if you want it. If you want to pass RPs or broadcasts across the IPSEC connection I would use GRE. If you are using unicast traffic I would use a non-GRE IPSEC solution.
fully meshed
hub and spoke
02-13-2006 05:29 PM
Jay,
thanks for the links. The doc on the fully meshed configuration answered my question.
I had initially created 2 crypto maps, and only one could be bound to the interface. The document indicated how to combine two tunnels within a single crypto map. Problem is resolved.
Thanks again.
Remy
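The resolution described in the post above, sketched as an added example (not taken from the thread or the linked document): one crypto map on R2 with two sequence-numbered entries, one per peer, bound once to the public interface. All addresses, the names `MESH`, `TS-AES`, `VPN-TO-R1`, `VPN-TO-R3`, the interface name, the ISAKMP/transform choices and the key placeholders are assumptions.

```cisco
! Constructed example for R2; every address, name and key is a placeholder.
! Public LAN:   R1 = 192.0.2.1, R2 = 192.0.2.2, R3 = 192.0.2.3
! Private LANs: R1 = 192.168.1.0/24, R2 = 192.168.2.0/24, R3 = 192.168.3.0/24
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
! A separate pre-shared key per peer, so one leaked key exposes one tunnel only
crypto isakmp key <PSK-R1> address 192.0.2.1
crypto isakmp key <PSK-R3> address 192.0.2.3
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
! One ACL per peer defines which traffic is encrypted toward that peer
ip access-list extended VPN-TO-R1
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended VPN-TO-R3
 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
!
! Same map name, different sequence numbers: both tunnels live in one map
crypto map MESH 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-AES
 match address VPN-TO-R1
crypto map MESH 20 ipsec-isakmp
 set peer 192.0.2.3
 set transform-set TS-AES
 match address VPN-TO-R3
!
! An interface accepts a single crypto map, so bind the combined one
interface FastEthernet0/0
 ip address 192.0.2.2 255.255.255.0
 crypto map MESH
```

R1 and R3 each carry the mirror image of this configuration, with their own two peers and mirrored ACLs, giving the three tunnels R1-R2, R2-R3 and R3-R1.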
02-17-2006 07:29 AM
Have you considered Dynamic Multipoint VPN (DMVPN)?