3005 concentrator multiple sa's

Discussion in 'Cisco' started by Michael Letchworth, May 9, 2006.

  1. I'm new to the 3005 so forgive me if I have a stupid question.
    I can setup a lan 2 lan IPsec with no problem but I can't figure
    out how to route another SA or subnet across that same IKE
    policy/tunnel. When I tried to add another L2L it says that you can
    only use the peer once. On a pix you just add an access list for
    for each data pattern that you want to go across the tunnel.

    Any help would be appreciated.

    Thanks
     
    Michael Letchworth, May 9, 2006
    #1
    1. Advertising

  2. Michael Letchworth

    Guest

    under your L2L config

    Configuration | Tunneling and Security | IPSec | LAN-to-LAN

    change the local and or remote networks to a network list
    (you define network lists under
    Configuration | Policy Management | Traffic Management | Network Lists)

    a network list defines which networks "route" over the tunnel.

    You will need to make them the same on each peer concentrator...

    so if one concentrator is only sourcing one subnet, it can still have a
    subnet/wild card
    mask under the "local network part of the lan to lan config" and its
    remote network peer will be a network list.. you can also use a network
    list on both sides of the lan to lan connection, where each side has
    multiple networks that the peer needs to know.

    Joe

    Michael Letchworth wrote:
    > I'm new to the 3005 so forgive me if I have a stupid question.
    > I can setup a lan 2 lan IPsec with no problem but I can't figure
    > out how to route another SA or subnet across that same IKE
    > policy/tunnel. When I tried to add another L2L it says that you can
    > only use the peer once. On a pix you just add an access list for
    > for each data pattern that you want to go across the tunnel.
    >
    > Any help would be appreciated.
    >
    > Thanks
     
    , May 9, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rob
    Replies:
    0
    Views:
    468
  2. kerleyp(you_must_remove_this)

    Monitor Cisco 3005 Concentrator

    kerleyp(you_must_remove_this), May 10, 2004, in forum: Cisco
    Replies:
    1
    Views:
    734
    gene martinez
    May 10, 2004
  3. Kai
    Replies:
    1
    Views:
    874
    Walter Roberson
    May 14, 2004
  4. Frank Marano
    Replies:
    2
    Views:
    1,386
    Frank Marano
    May 27, 2004
  5. RJ45
    Replies:
    3
    Views:
    1,502
    Rik Bain
    Aug 12, 2004
Loading...

Share This Page