Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
386
Views
0
Helpful
0
Replies

Multiple certificates / Trustpoints / crypomap entries for the same Peer

swish78
Level 1
Level 1

‎07-06-2020 04:29 AM

Hi 

 

I have a situation where I need to peer with a single device: I need to run multiple tunnels, each with a unique certificate, and unique interesting traffic. For example 

 

crypto map CRYPTO-MAP 1 match address XXXXXXXX

crypto map CRYPTO-MAP 1 set peer 192.168.1.1

crypto map CRYPTO-MAP 1 set pfs group19

crypto map CRYPTO-MAP 1 set ikev2 ipsec-proposal TO-PEER

crypto map CRYPTO-MAP 1 set  trustpoint  192.168.1.1-1

crypto map CRYPTO-MAP 2 match address YYYYYYYYY

crypto map CRYPTO-MAP 2 set peer 192.168.1.1

crypto map CRYPTO-MAP 2 set pfs group19

crypto map CRYPTO-MAP 2 set ikev2 ipsec-proposal TO-PEER

crypto map CRYPTO-MAP 2 set  trustpoint  192.168.1.1-2

crypto map CRYPTO-MAP interface outside

 

So in this scenario both maps use the same peer,  and use the same IPSEC proposal, Trust points 192.168.1.1-1 and 192.168.1.1-2 have different certificates, which are aligned to unique tunnel groups 

 

It doesn't seem to like it - Seems I can bring up one or the other but not both 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents