I have to set up a router with multiple site-to-site tunnels. I already have one of the tunnels established. The subnets at each branch office will NOT overlap.
I am using NAT Overload w/ static NAT translations, and I have a route map to exempt VPN traffic from the NAT process.
crypto map intmap 5 ipsec-isakmp
 set peer <Branch Office A>
 set transform-set trans1
 match address 130
route-map rock permit 10
 match ip address 123
 set ip next-hop 126.96.36.199
route-map nonat permit 10
 match ip address 110
How do I add a crypto map that will do Branch Office B?
Cool beans, that is what I thought.
Are there any caveats or best practices? Should I expect to be able to route branch-to-branch traffic through the HQ? Or should I set up separate tunnels for that?
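As an added example (not the poster's configuration), this is one way the HQ side could look once a second crypto map entry for Branch Office B is added and the NAT-exempt ACL is extended, including the crypto ACL lines needed if Branch A to Branch B traffic is hairpinned through HQ as asked above. The LAN subnets, peer addresses, ACL number 140 and the PSK/next-hop placeholders are assumed values chosen for illustration.

```cisco
! Added example, not the original poster's running config. Assumed addressing:
!   HQ LAN 10.0.0.0/24, Branch A LAN 10.1.0.0/24, Branch B LAN 10.2.0.0/24
!   Branch A peer 192.0.2.10, Branch B peer 198.51.100.20 (documentation ranges)
!
! One crypto map name per outside interface; every peer gets its own
! sequence number. Entry 5 already exists for Branch A, entry 10 is the new one.
crypto map intmap 10 ipsec-isakmp
 set peer 198.51.100.20
 set transform-set trans1
 match address 140
!
! IKE pre-shared key for the new peer (the ISAKMP policy itself is shared).
crypto isakmp key <Branch-B-PSK> address 198.51.100.20
!
! Crypto ACLs select which traffic is encrypted towards each peer.
! The second line of each ACL is only needed when Branch A <-> Branch B
! traffic is hairpinned through HQ; the branch routers' crypto ACLs must
! then be the exact mirror image or phase 2 negotiation fails.
access-list 130 permit ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 130 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 140 permit ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 140 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
! NAT exemption: route-map "nonat" permits on a match of ACL 110, and only
! permitted packets are translated, so VPN-bound traffic is denied here
! (denied = left untranslated) ahead of the catch-all permit.
! ACL 110 is rebuilt in full because its original contents are assumed.
no access-list 110
access-list 110 deny   ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 110 deny   ip 10.0.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
!
! Hairpinned packets arrive decrypted on the outside interface and must be
! routed back out the same crypto-mapped interface (a default route also works).
ip route 10.1.0.0 255.255.255.0 <HQ outside next-hop>
ip route 10.2.0.0 255.255.255.0 <HQ outside next-hop>
!
! Checks after sending the first interesting packet towards Branch B:
!   show crypto isakmp sa                    (one QM_IDLE entry per peer)
!   show crypto ipsec sa peer 198.51.100.20  (encaps/decaps counters rising)
!   show ip nat translations                 (no entries towards 10.1/10.2)
```

Every crypto map entry under the same map name shares the interface's single `crypto map intmap` binding, so nothing changes on the outside interface itself.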
Honestly, the best setup for what I think you are looking for is DMVPN. http://www.cisco.com/en/US/products/ps6658/index.html
This allows you to build dynamic tunnels between offices without hair-pin routing via the Hub. After the traffic stops between site and site it will tear the tunnel back down based on the timers you set up. This is accomplished via NHRP, which is a table that holds the next hops of all the tunnels. So for instance site A wants to talk to site F. Site A will send a look-up to the Hub asking for this info. The hub will respond and site A and F will negotiate a tunnel.