Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Multiple isakmp policies (Group 1 and Group 2) (http://www.velocityreviews.com/forums/t34455-multiple-isakmp-policies-group-1-and-group-2-a.html)

rmcnutt 07-13-2004 07:53 PM

Multiple isakmp policies (Group 1 and Group 2)
 
I have three VPN tunnels using one isakmp policy with group 1. I need
to add a fourth using group 2 ie "isakmp policy 1 group 2". How do I
apply the second isakmp policy to a new crypto map?

The ip addresses have been changed to protect their anonymity.

Robert

crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map gnsc 10 ipsec-isakmp
crypto map gnsc 10 match address 103
crypto map gnsc 10 set peer 10.10.129.5
crypto map gnsc 10 set transform-set strong
crypto map gnsc 20 ipsec-isakmp
crypto map gnsc 20 match address 104
crypto map gnsc 20 set peer 10.10.206.141
crypto map gnsc 20 set transform-set strong
crypto map gnsc 30 ipsec-isakmp
crypto map gnsc 30 match address 105
crypto map gnsc 30 set peer 10.10.247.154
crypto map gnsc 30 set transform-set strong
crypto map gnsc 40 ipsec-isakmp
crypto map gnsc 40 match address 104
crypto map gnsc 40 set peer 10.10.34.43
crypto map gnsc 40 set transform-set strong
crypto map gnsc interface outside
isakmp enable outside
isakmp key ******** address 10.10.206.141 netmask 255.255.255.0
isakmp key ******** address 10.10.129.5 netmask 255.255.255.0
isakmp key ******** address 10.10.247.154 netmask 255.255.255.0
isakmp key ******** address 10.10.34.43 netmask 255.255.255.0

isakmp identity address
isakmp keepalive 10 3
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400

mcaissie 07-13-2004 09:33 PM

Re: Multiple isakmp policies (Group 1 and Group 2)
 
You just have to create a second policy

isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 86400

Both peers must agree on a identical isakmp policy , but you can have more
than one configured on a
single device. And you don't need to specifically link the policy to the
crypto-map .


"rmcnutt" <r.m@earthlink.net> wrote in message
news:b3c343e4.0407131153.7e95e8d8@posting.google.c om...
> I have three VPN tunnels using one isakmp policy with group 1. I need
> to add a fourth using group 2 ie "isakmp policy 1 group 2". How do I
> apply the second isakmp policy to a new crypto map?
>
> The ip addresses have been changed to protect their anonymity.
>
> Robert
>
> crypto ipsec transform-set strong esp-3des esp-md5-hmac
> crypto map gnsc 10 ipsec-isakmp
> crypto map gnsc 10 match address 103
> crypto map gnsc 10 set peer 10.10.129.5
> crypto map gnsc 10 set transform-set strong
> crypto map gnsc 20 ipsec-isakmp
> crypto map gnsc 20 match address 104
> crypto map gnsc 20 set peer 10.10.206.141
> crypto map gnsc 20 set transform-set strong
> crypto map gnsc 30 ipsec-isakmp
> crypto map gnsc 30 match address 105
> crypto map gnsc 30 set peer 10.10.247.154
> crypto map gnsc 30 set transform-set strong
> crypto map gnsc 40 ipsec-isakmp
> crypto map gnsc 40 match address 104
> crypto map gnsc 40 set peer 10.10.34.43
> crypto map gnsc 40 set transform-set strong
> crypto map gnsc interface outside
> isakmp enable outside
> isakmp key ******** address 10.10.206.141 netmask 255.255.255.0
> isakmp key ******** address 10.10.129.5 netmask 255.255.255.0
> isakmp key ******** address 10.10.247.154 netmask 255.255.255.0
> isakmp key ******** address 10.10.34.43 netmask 255.255.255.0
>
> isakmp identity address
> isakmp keepalive 10 3
> isakmp policy 1 authentication pre-share
> isakmp policy 1 encryption 3des
> isakmp policy 1 hash md5
> isakmp policy 1 group 1
> isakmp policy 1 lifetime 86400





All times are GMT. The time now is 10:40 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.