cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
685
Views
0
Helpful
4
Replies
Highlighted
Beginner

Multiple Site to Site Tunnels

I have to setup a router with multiple site to site tunnels.  I already have one of the tunnels established.  The subnets at each branch office will NOT overlap.

I am using NAT Overload w/static nat translations, I have a route map to except vpn traffic from the nat process.

crypto map intmap 5 ipsec-isakmp
set peer <Branch Office A>
set transform-set trans1
match address 130

route-map rock permit 10
match ip address 123
set ip next-hop 1.1.1.2
!
route-map nonat permit 10
match ip address 110

How do I add a crypto map that will do Branch Office B?

4 REPLIES 4
Highlighted
Frequent Contributor

same as the first just increase the process number.  You have 5, use 10:

crypto map intmap 10 ipsec-isakmp

set peer

Highlighted

Cool beans, that is what I thought.

Are there any caveats or best practices?  Should I expect to be able to route branch to branch traffic through the HQ? Or should I setup separate tunnels for that?

Highlighted

Honestly, the best set-up for what I think you are looking for is DMVPN.  http://www.cisco.com/en/US/products/ps6658/index.html

This allows you to build dynamic tunnels between offices without hair-pin routing via the Hub.  After the traffic stops between site to site it will tear the tunnel back down based on the timers you set-up.  This is accomplished via NHRP, with is a table that holds are next hops of all te tunnels.  So for instance site A wants to talk to site F.  Site A will send a look-up to the Hub asking for this info.  The hub will respond and site A and F will negotiate a tunnel.

Highlighted
Frequent Contributor

Content for Community-Ad