Using 1 crypto map with multiple termination points via loopback interfaces?

bnv1 · ‎10-24-2018

High Level, I have one physical interface with a crypto map, but multiple loopback interfaces that peers will need to connect to. Any ideas how this can be done without using the local address command.

bnv1 · ‎10-25-2018

After some research, looks like I may be able to bind local address using isakmp profiles.

LuisMiguelTovarRodriguez6808 · ‎06-12-2020

I have the same problem, but an isakmp profile doesn't work, only works for incoming phase1solicitations.

Has anyone solve this problem.

I have this config:

crypto isakmp profile EXAMPLE
vrf EXAMPLE
keyring default
match identity address 1.1.1.1 255.255.255.255
local-address Loopback2 <-- OTHER PROFILEs WORKING HAS Loopback1

the firts instance for the crypto map is:

crypto map ipsec local-address Loopback1

Then another instances w another tunnels and finally this one:

crypto map ipsec 1111 ipsec-isakmp
description crypto map crypto_map_EXAMPLE
set peer 1.1.1.1
set transform-set AES256-SHA
set isakmp-profile EXAMPLE
match address EXAMPLE-ACL

and doesn't work, it tries to up phase 1 with loopback1 instead of loopback2

¿any ideas?

Deepak Kumar · ‎06-12-2020

Hi,

Not sure about IKEv1 but it will work with IKEv2.

Try with IKEv2.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

LuisMiguelTovarRodriguez6808 · ‎06-12-2020

THanks, I'll try