04-03-2017 04:17 AM
Hello everyone,
I am trying to figure out the following task, if anyone could help me that would be great.
I neet to configure a vpn ipsec with gre between two routers. (R1 and R2).
R2 has:
statis public ip address.
its on another site so i cant change the configuration.
R1 (one my side):
two dialer interfaces with dynamic ip address with one crypto map each.
needs to configure vpn, ipsec and gre to the one peer on the R1 side.
problem: I cant figure out how to use the same peer on both crypto maps on both interfaces.
if someone can help me that would be great.
Regards,
04-03-2017 04:32 AM
You can use the same crypto map on both the interfaces. This way the same peer will be applied to both interfaces.
What are you trying to achieve with this configuration?
04-03-2017 04:45 AM
Thank Rahul for your answer.
That still has one problem. I need to have both vpn at the same time and having only one peer as destination forces me to only use one dialer at a time because it needs to be routed and it only uses one dialer in that scenario.
Im trying to achive 2 vpn active at the same time to one peer to split traffic between the two dialers.
04-03-2017 05:03 AM
You can use an Equal cost load balancing to load balance traffic to the same destination network via both Dialers. But that is not going to be the big problem. Since you want to use 2 Dialers for the same tunnel, the remote peer is going to have 2 tunnels on 1 interface for the same source and destination VPN traffic. By default, it will only pick the first tunnel. So what will happen is that even though you send traffic across 2 tunnels using load balanced routes, traffic will always be returned using the first tunnel from the remote end. You can add a workaround for translating the traffic on your side before hitting the VPN, so that the peer see's the traffic from the 2 tunnels with different source ip addresses. This will allow the peer to route return traffic via both tunnels - hence load balancing it.
04-03-2017 05:33 AM
I was thinking the same thing, to translate the traffic. But i dont see how to do it. Do you have any example? (i know how to nat etc but i am not noticing how to apply the solution).
04-04-2017 02:31 PM
I don't think there is an exact guide to do this. But you can use the following guide for NAT with IPsec when you have overlapping subnets:
http://www.cisco.com/c/en/us/support/docs/routers/3800-series-integrated-services-routers/107992-IOSRouter-overlapping.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide