Multiple isakmp policies (Group 1 and Group 2)

Discussion in 'Cisco' started by rmcnutt, Jul 13, 2004.

  1. rmcnutt

    rmcnutt Guest

    I have three VPN tunnels using one isakmp policy with group 1. I need
    to add a fourth using group 2, i.e. "isakmp policy 1 group 2". How do I
    apply the second isakmp policy to a new crypto map?

    The IP addresses have been changed to protect their anonymity.

    Robert

    crypto ipsec transform-set strong esp-3des esp-md5-hmac
    crypto map gnsc 10 ipsec-isakmp
    crypto map gnsc 10 match address 103
    crypto map gnsc 10 set peer 10.10.129.5
    crypto map gnsc 10 set transform-set strong
    crypto map gnsc 20 ipsec-isakmp
    crypto map gnsc 20 match address 104
    crypto map gnsc 20 set peer 10.10.206.141
    crypto map gnsc 20 set transform-set strong
    crypto map gnsc 30 ipsec-isakmp
    crypto map gnsc 30 match address 105
    crypto map gnsc 30 set peer 10.10.247.154
    crypto map gnsc 30 set transform-set strong
    crypto map gnsc 40 ipsec-isakmp
    crypto map gnsc 40 match address 104
    crypto map gnsc 40 set peer 10.10.34.43
    crypto map gnsc 40 set transform-set strong
    crypto map gnsc interface outside
    isakmp enable outside
    isakmp key ******** address 10.10.206.141 netmask 255.255.255.0
    isakmp key ******** address 10.10.129.5 netmask 255.255.255.0
    isakmp key ******** address 10.10.247.154 netmask 255.255.255.0
    isakmp key ******** address 10.10.34.43 netmask 255.255.255.0

    isakmp identity address
    isakmp keepalive 10 3
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption 3des
    isakmp policy 1 hash md5
    isakmp policy 1 group 1
    isakmp policy 1 lifetime 86400
    rmcnutt, Jul 13, 2004
    #1

  2. mcaissie

    mcaissie Guest

    You just have to create a second policy

    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption 3des
    isakmp policy 1 hash md5
    isakmp policy 1 group 1
    isakmp policy 1 lifetime 86400
    isakmp policy 2 authentication pre-share
    isakmp policy 2 encryption 3des
    isakmp policy 2 hash md5
    isakmp policy 2 group 2
    isakmp policy 2 lifetime 86400

    Both peers must agree on an identical isakmp policy, but you can have more
    than one configured on a single device. And you don't need to specifically
    link the policy to the crypto-map.


    "rmcnutt" <> wrote in message
    news:...
    > I have three VPN tunnels using one isakmp policy with group 1. I need
    > to add a fourth using group 2 ie "isakmp policy 1 group 2". How do I
    > apply the second isakmp policy to a new crypto map?
    >
    > The ip addresses have been changed to protect their anonymity.
    >
    > Robert
    >
    > crypto ipsec transform-set strong esp-3des esp-md5-hmac
    > crypto map gnsc 10 ipsec-isakmp
    > crypto map gnsc 10 match address 103
    > crypto map gnsc 10 set peer 10.10.129.5
    > crypto map gnsc 10 set transform-set strong
    > crypto map gnsc 20 ipsec-isakmp
    > crypto map gnsc 20 match address 104
    > crypto map gnsc 20 set peer 10.10.206.141
    > crypto map gnsc 20 set transform-set strong
    > crypto map gnsc 30 ipsec-isakmp
    > crypto map gnsc 30 match address 105
    > crypto map gnsc 30 set peer 10.10.247.154
    > crypto map gnsc 30 set transform-set strong
    > crypto map gnsc 40 ipsec-isakmp
    > crypto map gnsc 40 match address 104
    > crypto map gnsc 40 set peer 10.10.34.43
    > crypto map gnsc 40 set transform-set strong
    > crypto map gnsc interface outside
    > isakmp enable outside
    > isakmp key ******** address 10.10.206.141 netmask 255.255.255.0
    > isakmp key ******** address 10.10.129.5 netmask 255.255.255.0
    > isakmp key ******** address 10.10.247.154 netmask 255.255.255.0
    > isakmp key ******** address 10.10.34.43 netmask 255.255.255.0
    >
    > isakmp identity address
    > isakmp keepalive 10 3
    > isakmp policy 1 authentication pre-share
    > isakmp policy 1 encryption 3des
    > isakmp policy 1 hash md5
    > isakmp policy 1 group 1
    > isakmp policy 1 lifetime 86400
    mcaissie, Jul 13, 2004
    #2
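
The matching behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of how a responder checks its own ISAKMP policies, in priority order, against a peer's proposal. The peer's policy number 10, its 28800-second lifetime and the names `parse_policies` and `negotiate` are assumptions made for the illustration, and the lifetime handling is reduced to "shorter value wins".

```python
import re

POLICY_RE = re.compile(r"^\s*isakmp policy (\d+) (\S+) (\S+)\s*$")
MATCH_KEYS = ("authentication", "encryption", "hash", "group")

# Policies 1 and 2 exactly as posted in the reply above.
LOCAL = """\
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 86400
"""
# Constructed remote peer config (hypothetical): one policy, group/lifetime filled in.
PEER = """\
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group {group}
isakmp policy 10 lifetime {lifetime}
"""

def parse_policies(config):
    """Group 'isakmp policy <n> <attr> <value>' lines into {n: {attr: value}}."""
    policies = {}
    for line in config.splitlines():
        m = POLICY_RE.match(line)
        if m:
            policies.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return policies

def negotiate(initiator, responder):
    """Return (initiator_no, responder_no, lifetime) of the first match, else None."""
    for r_no in sorted(responder):       # responder walks its policies by priority
        for i_no in sorted(initiator):
            a, b = initiator[i_no], responder[r_no]
            if all(k in a and a[k] == b.get(k) for k in MATCH_KEYS):
                life = min(int(p.get("lifetime", 86400)) for p in (a, b))  # simplified
                return i_no, r_no, life
    return None

if __name__ == "__main__":
    for group in (1, 2):
        peer = parse_policies(PEER.format(group=group, lifetime=28800))
        print("peer group", group, "->", negotiate(peer, parse_policies(LOCAL)))
```

The match is decided per peer from the proposal contents alone, which is why no crypto map entry references a policy number.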
