
Multiple certificates / Trustpoints / crypto map entries for the same Peer

Hi,

I have a situation where I need to peer with a single device: I need to run multiple tunnels, each with a unique certificate and unique interesting traffic. For example:

 

crypto map CRYPTO-MAP 1 match address XXXXXXXX
crypto map CRYPTO-MAP 1 set peer 192.168.1.1
crypto map CRYPTO-MAP 1 set pfs group19
crypto map CRYPTO-MAP 1 set ikev2 ipsec-proposal TO-PEER
crypto map CRYPTO-MAP 1 set trustpoint 192.168.1.1-1
crypto map CRYPTO-MAP 2 match address YYYYYYYYY
crypto map CRYPTO-MAP 2 set peer 192.168.1.1
crypto map CRYPTO-MAP 2 set pfs group19
crypto map CRYPTO-MAP 2 set ikev2 ipsec-proposal TO-PEER
crypto map CRYPTO-MAP 2 set trustpoint 192.168.1.1-2
crypto map CRYPTO-MAP interface outside

 

So in this scenario both maps use the same peer and the same IPsec proposal. Trustpoints 192.168.1.1-1 and 192.168.1.1-2 have different certificates, which are aligned to unique tunnel groups.

It doesn't seem to like it. It seems I can bring up one or the other, but not both.