Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1633
Views
0
Helpful
4
Replies

Multiple IKEv2 VPN with Azure

tahirjamil
Level 1
Level 1

‎07-17-2017 01:58 AM

Hi,

I am currently having a IKE V2 VPN Tunnel between Azure and Cisco router 2901 IOS 15.1.3, L2L traffic is fine. I am trying to create another IKE V2 VPN between Azure and same Cisco router having different peer and different LAN on Azure. 

The new VPN tunnel is not establishing unless and until I shutdown the existing established IKE V2 VPN tunnel and vice versa. Only 1 IKE V2 Tunnel is working, in case of multiple IKE V2 only existing is working. Below are the configurations:

crypto ikev2 proposal azure-proposal
encryption aes-cbc-256 aes-cbc-128 3des
integrity sha1
group 2
!
crypto ikev2 policy azure-policy
proposal azure-proposal
!
crypto ikev2 keyring azure-keyring
peer X.X.X.X
address X.X.X.X
pre-shared-key *******
!
!
crypto ikev2 keyring azure-keyring-2
peer X.X.X.X
address X.X.X.X
pre-shared-key *******

crypto ikev2 profile azure-profile
match address local interface GigabitEthernet0/0
match identity remote address x.x.x.x x.x.x.x
authentication local pre-share
authentication remote pre-share
keyring azure-keyring
!
crypto ikev2 profile azure-profile-2
match address local interface GigabitEthernet0/0
match identity remote address x.x.x.x x.x.x.x
authentication local pre-share
authentication remote pre-share
keyring azure-keyring-2
!

crypto ipsec transform-set azure-ipsec-proposal-set esp-aes 256 esp-sha-hmac
!
crypto ipsec profile AZURE
set transform-set azure-ipsec-proposal-set
set ikev2-profile azure-profile
!
crypto ipsec profile AZURE-2
set transform-set azure-ipsec-proposal-set
set ikev2-profile azure-profile-2

interface Tunnel40
description AZURE
ip address x.x.x.x x.x.x.x
ip tcp adjust-mss 1350
tunnel source x.x.x.x
tunnel mode ipsec ipv4
tunnel destination x.x.x.x
tunnel protection ipsec profile AZURE
!
interface Tunnel45
description AZURE
ip address x.x.x.x x.x.x.x
ip tcp adjust-mss 1350
tunnel source x.x.x.x
tunnel mode ipsec ipv4
tunnel destination x.x.x.x
tunnel protection ipsec profile AZURE-2

ip route 10.85.x.0 255.255.255.0 Tunnel40

ip route 10.95.x.0 255.255.255.0 Tunnel45

I dont know what is missing.

Labels:
0 Helpful
4 Replies 4

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎07-17-2017 02:06 AM

Hi,

Is the Azure IP for both the tunnels same?

Regards,

Aditya

0 Helpful

tahirjamil
Level 1
Level 1
In response to Aditya Ganjoo

‎07-17-2017 03:08 AM

No Azure Public peer IP addresses are different

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to tahirjamil

‎07-17-2017 05:06 AM

Hi,

Then can you please share the output of debugs for the concerned tunnel:

debug cry condition peer ipv4 <>

debug cry isa

debug cry ips

Regards,

Aditya

0 Helpful

Brad Nightingale
Level 1
Level 1

‎10-03-2017 12:45 PM

Hi

I have exactly the same problem!  Did you ever resolve this?

Also I have to ask, the tunnel interface IP addresses, how do you know what to set this as?  Where is this documented?  I have the same CISCO 2901 with 2 VPN's to two different AZURE instances.  I can only ever get one to stand, but I dont know for the second VPN instance what to set the IP address for the second VPN tunnel as well.

 

Any help you can give would be appreciated!

Brad

0 Helpful
Customers Also Viewed These Support Documents