Hi,
Please check config below:
HUB:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
! This tells the HUB router that the remote routers have dynamic public IP addresses
crypto isakmp key secretkey address 0.0.0.0 0.0.0.0
Define your interesting traffic. Note that I've specified it for two tunnels, but basically it will be the same for the rest apart from the destination. I've used 192.168.1.0/24 and 192.168.2.0/24 as an example. You will need to replace it with your existing setup.
ip access-list extended TUN1
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended TUN2
permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
Create your Phase 2 policy
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto map S2STUN 1 ipsec-isakmp dynamic HUB_TUN
crypto dynamic-map HUB_TUN 10
set security-association lifetime seconds 86400
set transform-set TS
match address TUN1
!
crypto dynamic-map HUB_TUN 11
set security-association lifetime seconds 86400
set transform-set TS
match address TUN2
Now apply the crypto map to your WAN interface
interface gi0/1
crypto map S2STUN
Now configure your remote routers
Remote Router 1
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
!
! Replace x.x.x.x with your HUB public IP address
crypto isakmp key secretkey address x.x.x.x
!
ip access-list extended TUNNEL-TRAFFIC
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map TUN_TO_HUB 10 ipsec-isakmp
! Replace x.x.x.x with your HUB public IP address
set peer x.x.x.x
set transform-set TS
match address TUNNEL-TRAFFIC
!
interface gi0/1
crypto map TUN_TO_HUB
Remote Router 2
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
!
! Replace x.x.x.x with your HUB public IP address
crypto isakmp key secretkey address x.x.x.x
!
ip access-list extended TUNNEL-TRAFFIC
permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map TUN_TO_HUB 10 ipsec-isakmp
! Replace x.x.x.x with your HUB public IP address
set peer x.x.x.x
set transform-set TS
match address TUNNEL-TRAFFIC
!
interface gi0/1
crypto map TUN_TO_HUB
HTH.
Please rate helpful post.
Regards,
Terence
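
Added example, not part of the original post: a small Python check that a spoke config agrees with the hub on the Phase 1 settings and transform-set, and that the spoke's crypto ACL is the mirror image of one of the hub's. The function names are hypothetical, the sample configs are constructed by trimming the post's HUB and Remote Router 2 sections, and the script assumes one ISAKMP policy per router.

```python
import re

# Constructed sample input, trimmed from the HUB and Remote Router 2 configs above.
HUB = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
ip access-list extended TUN1
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended TUN2
 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
crypto ipsec transform-set TS esp-3des esp-md5-hmac
"""
SPOKE2 = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
ip access-list extended TUNNEL-TRAFFIC
 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto ipsec transform-set TS esp-3des esp-md5-hmac
"""

PERMIT = re.compile(r"^\s*permit ip (\S+ \S+) (\S+ \S+)\s*$", re.M)
PHASE1 = re.compile(r"^\s*(encr|hash|authentication|group) (.+?)\s*$", re.M)
TSET = re.compile(r"^crypto ipsec transform-set \S+ (.+?)\s*$", re.M)

def summarize(cfg):
    """Return (phase 1 attributes, transform lists, (source, destination) selectors)."""
    return dict(PHASE1.findall(cfg)), set(TSET.findall(cfg)), set(PERMIT.findall(cfg))

def check_pair(hub_cfg, spoke_cfg):
    """Return a list of mismatches between the hub and one spoke."""
    (h1, hts, hsel), (s1, sts, ssel) = summarize(hub_cfg), summarize(spoke_cfg)
    problems = []
    for key, val in s1.items():
        if h1.get(key) != val:
            problems.append(f"phase1 {key}: hub={h1.get(key)} spoke={val}")
    if not hts & sts:
        problems.append("no common transform-set")
    for src, dst in ssel:
        if (dst, src) not in hsel:  # the hub entry must swap source and destination
            problems.append(f"hub has no mirror of: permit ip {src} {dst}")
    return problems
```

`check_pair(HUB, SPOKE2)` returns an empty list for the configs as posted; run it once per remote router after replacing the sample strings with your own configs.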