several crypto maps for one interface, is it possible?

Discussion in 'Cisco' started by B.T., Oct 19, 2004.

  1. B.T.

    B.T. Guest

    I have my cisco 800 router configured to allow vpn from Cisco Client VPN
    software, so that anyone can connect from a laptop. To allow this I have:

    interface ATM0.1 point-to-point

    ip address xxxxx

    ip nat outside

    pvc 8/32

    encapsulation aal5snap

    !

    crypto map clientmap





    But now, I want to configure it to configure a VPN with other office, with
    other crypto map. How can I do this?, I mean is it right to set two cryto
    map for the same interface, in this way:

    interface ATM0.1 point-to-point

    ip address 213.96.73.215 255.255.255.192

    ip nat outside

    pvc 8/32

    encapsulation aal5snap

    !

    crypto map clientmap

    crypto map lanmap <<<<<-------------------- is it right to have both
    crypto maps, clientmap and lanmap for the same interface?



    Thanks,



    B.T.
    B.T., Oct 19, 2004
    #1
    1. Advertising

  2. In article <1_bdd.3140125$>,
    B.T. <> wrote:
    :I have my cisco 800 router configured to allow vpn from Cisco Client VPN
    :software, so that anyone can connect from a laptop. To allow this I have:

    : crypto map clientmap

    :But now, I want to configure it to configure a VPN with other office, with
    :eek:ther crypto map. How can I do this?, I mean is it right to set two cryto
    :map for the same interface

    No, you can only use one crypto map per interface. To be able to
    connect to multiple sites, use different crypto map policy numbers
    for the two.

    crypto map FOO 100 isakmp-ipsec
    crypto map FOO 100 match-address ...
    crypto map FOO 100 set peer ...
    crypto map FOO 150 isakmp-ipsec
    crypto map FOO 150 match-address ...
    crypto map FOO 150 set peer ...

    The policy numbers have no absolute meaning, but the lowest policy
    number will be evaluated before the first. This makes a difference
    if your access-list's for your match-address's have overlaps,
    and makes a difference when you import a crypto dynamic-map into
    a crypto map [in that you usually do not have an access-list associated
    with dynamic maps, and the implicit access-list in that case is to
    match everything as soon as a dynamic peer successfully negotiates.]
    --
    Caution: A subset of the statements in this message may be
    tautologically true.
    Walter Roberson, Oct 19, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. tical
    Replies:
    2
    Views:
    3,091
    tical
    Dec 2, 2003
  2. Dan Lanciani

    tunnels and crypto maps

    Dan Lanciani, Mar 20, 2006, in forum: Cisco
    Replies:
    0
    Views:
    7,482
    Dan Lanciani
    Mar 20, 2006
  3. Replies:
    4
    Views:
    1,975
  4. Pondlife
    Replies:
    0
    Views:
    579
    Pondlife
    Apr 28, 2008
  5. Giuen
    Replies:
    0
    Views:
    838
    Giuen
    Sep 12, 2008
Loading...

Share This Page