Hi
I have a situation where I need to peer with a single device: I need to run multiple tunnels, each with a unique certificate and unique interesting traffic. For example:
crypto map CRYPTO-MAP 1 match address XXXXXXXX
crypto map CRYPTO-MAP 1 set peer 192.168.1.1
crypto map CRYPTO-MAP 1 set pfs group19
crypto map CRYPTO-MAP 1 set ikev2 ipsec-proposal TO-PEER
crypto map CRYPTO-MAP 1 set trustpoint 192.168.1.1-1
crypto map CRYPTO-MAP 2 match address YYYYYYYYY
crypto map CRYPTO-MAP 2 set peer 192.168.1.1
crypto map CRYPTO-MAP 2 set pfs group19
crypto map CRYPTO-MAP 2 set ikev2 ipsec-proposal TO-PEER
crypto map CRYPTO-MAP 2 set trustpoint 192.168.1.1-2
crypto map CRYPTO-MAP interface outside
So in this scenario both maps use the same peer and the same IPsec proposal. Trustpoints 192.168.1.1-1 and 192.168.1.1-2 have different certificates, which are aligned to unique tunnel groups.
It doesn't seem to like it. It seems I can bring up one or the other, but not both.