Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Multiple isakmp policies (Group 1 and Group 2)

Reply
Thread Tools

Multiple isakmp policies (Group 1 and Group 2)

 
 
rmcnutt
Guest
Posts: n/a
 
      07-13-2004
I have three VPN tunnels using one isakmp policy with group 1. I need
to add a fourth using group 2 ie "isakmp policy 1 group 2". How do I
apply the second isakmp policy to a new crypto map?

The ip addresses have been changed to protect their anonymity.

Robert

crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map gnsc 10 ipsec-isakmp
crypto map gnsc 10 match address 103
crypto map gnsc 10 set peer 10.10.129.5
crypto map gnsc 10 set transform-set strong
crypto map gnsc 20 ipsec-isakmp
crypto map gnsc 20 match address 104
crypto map gnsc 20 set peer 10.10.206.141
crypto map gnsc 20 set transform-set strong
crypto map gnsc 30 ipsec-isakmp
crypto map gnsc 30 match address 105
crypto map gnsc 30 set peer 10.10.247.154
crypto map gnsc 30 set transform-set strong
crypto map gnsc 40 ipsec-isakmp
crypto map gnsc 40 match address 104
crypto map gnsc 40 set peer 10.10.34.43
crypto map gnsc 40 set transform-set strong
crypto map gnsc interface outside
isakmp enable outside
isakmp key ******** address 10.10.206.141 netmask 255.255.255.0
isakmp key ******** address 10.10.129.5 netmask 255.255.255.0
isakmp key ******** address 10.10.247.154 netmask 255.255.255.0
isakmp key ******** address 10.10.34.43 netmask 255.255.255.0

isakmp identity address
isakmp keepalive 10 3
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
 
Reply With Quote
 
 
 
 
mcaissie
Guest
Posts: n/a
 
      07-13-2004
You just have to create a second policy

isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 86400

Both peers must agree on a identical isakmp policy , but you can have more
than one configured on a
single device. And you don't need to specifically link the policy to the
crypto-map .


"rmcnutt" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I have three VPN tunnels using one isakmp policy with group 1. I need
> to add a fourth using group 2 ie "isakmp policy 1 group 2". How do I
> apply the second isakmp policy to a new crypto map?
>
> The ip addresses have been changed to protect their anonymity.
>
> Robert
>
> crypto ipsec transform-set strong esp-3des esp-md5-hmac
> crypto map gnsc 10 ipsec-isakmp
> crypto map gnsc 10 match address 103
> crypto map gnsc 10 set peer 10.10.129.5
> crypto map gnsc 10 set transform-set strong
> crypto map gnsc 20 ipsec-isakmp
> crypto map gnsc 20 match address 104
> crypto map gnsc 20 set peer 10.10.206.141
> crypto map gnsc 20 set transform-set strong
> crypto map gnsc 30 ipsec-isakmp
> crypto map gnsc 30 match address 105
> crypto map gnsc 30 set peer 10.10.247.154
> crypto map gnsc 30 set transform-set strong
> crypto map gnsc 40 ipsec-isakmp
> crypto map gnsc 40 match address 104
> crypto map gnsc 40 set peer 10.10.34.43
> crypto map gnsc 40 set transform-set strong
> crypto map gnsc interface outside
> isakmp enable outside
> isakmp key ******** address 10.10.206.141 netmask 255.255.255.0
> isakmp key ******** address 10.10.129.5 netmask 255.255.255.0
> isakmp key ******** address 10.10.247.154 netmask 255.255.255.0
> isakmp key ******** address 10.10.34.43 netmask 255.255.255.0
>
> isakmp identity address
> isakmp keepalive 10 3
> isakmp policy 1 authentication pre-share
> isakmp policy 1 encryption 3des
> isakmp policy 1 hash md5
> isakmp policy 1 group 1
> isakmp policy 1 lifetime 86400



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
RADIUS Server and Group Policies pauled74@gmail.com Wireless Networking 1 09-16-2008 12:49 AM
RADIUS Server and Group Policies Paul Wireless Networking 1 09-14-2008 08:50 PM
Multiple PPTP Group Policies in PIX Irving Cisco 1 11-26-2004 09:12 PM
Prblm: Radius, WLAN, roaming profiles and software install via group policies Ola Theander Wireless Networking 0 09-08-2004 09:50 PM
crypto isakmp policies....illogical or what?? Rafael Cisco 0 05-28-2004 01:50 PM



Advertisments