Multiple isakmp policies (Group 1 and Group 2)

Discussion in 'Cisco' started by rmcnutt, Jul 13, 2004.

  1. rmcnutt

    rmcnutt Guest

    I have three VPN tunnels using one isakmp policy with group 1. I need
    to add a fourth using group 2, i.e. "isakmp policy 1 group 2". How do I
    apply the second isakmp policy to a new crypto map?

    The IP addresses have been changed to protect their anonymity.

    Robert

    crypto ipsec transform-set strong esp-3des esp-md5-hmac
    crypto map gnsc 10 ipsec-isakmp
    crypto map gnsc 10 match address 103
    crypto map gnsc 10 set peer 10.10.129.5
    crypto map gnsc 10 set transform-set strong
    crypto map gnsc 20 ipsec-isakmp
    crypto map gnsc 20 match address 104
    crypto map gnsc 20 set peer 10.10.206.141
    crypto map gnsc 20 set transform-set strong
    crypto map gnsc 30 ipsec-isakmp
    crypto map gnsc 30 match address 105
    crypto map gnsc 30 set peer 10.10.247.154
    crypto map gnsc 30 set transform-set strong
    crypto map gnsc 40 ipsec-isakmp
    crypto map gnsc 40 match address 104
    crypto map gnsc 40 set peer 10.10.34.43
    crypto map gnsc 40 set transform-set strong
    crypto map gnsc interface outside
    isakmp enable outside
    isakmp key ******** address 10.10.206.141 netmask 255.255.255.0
    isakmp key ******** address 10.10.129.5 netmask 255.255.255.0
    isakmp key ******** address 10.10.247.154 netmask 255.255.255.0
    isakmp key ******** address 10.10.34.43 netmask 255.255.255.0

    isakmp identity address
    isakmp keepalive 10 3
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption 3des
    isakmp policy 1 hash md5
    isakmp policy 1 group 1
    isakmp policy 1 lifetime 86400
     
    rmcnutt, Jul 13, 2004
    #1

  2. rmcnutt

    mcaissie Guest

    You just have to create a second policy

    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption 3des
    isakmp policy 1 hash md5
    isakmp policy 1 group 1
    isakmp policy 1 lifetime 86400
    isakmp policy 2 authentication pre-share
    isakmp policy 2 encryption 3des
    isakmp policy 2 hash md5
    isakmp policy 2 group 2
    isakmp policy 2 lifetime 86400

    Both peers must agree on an identical isakmp policy, but you can have more
    than one configured on a single device. And you don't need to specifically
    link the policy to the crypto-map.


    "rmcnutt" <> wrote in message
    news:...
    > I have three VPN tunnels using one isakmp policy with group 1. I need
    > to add a fourth using group 2, i.e. "isakmp policy 1 group 2". How do I
    > apply the second isakmp policy to a new crypto map?
    >
    > The IP addresses have been changed to protect their anonymity.
    >
    > Robert
    >
    > crypto ipsec transform-set strong esp-3des esp-md5-hmac
    > crypto map gnsc 10 ipsec-isakmp
    > crypto map gnsc 10 match address 103
    > crypto map gnsc 10 set peer 10.10.129.5
    > crypto map gnsc 10 set transform-set strong
    > crypto map gnsc 20 ipsec-isakmp
    > crypto map gnsc 20 match address 104
    > crypto map gnsc 20 set peer 10.10.206.141
    > crypto map gnsc 20 set transform-set strong
    > crypto map gnsc 30 ipsec-isakmp
    > crypto map gnsc 30 match address 105
    > crypto map gnsc 30 set peer 10.10.247.154
    > crypto map gnsc 30 set transform-set strong
    > crypto map gnsc 40 ipsec-isakmp
    > crypto map gnsc 40 match address 104
    > crypto map gnsc 40 set peer 10.10.34.43
    > crypto map gnsc 40 set transform-set strong
    > crypto map gnsc interface outside
    > isakmp enable outside
    > isakmp key ******** address 10.10.206.141 netmask 255.255.255.0
    > isakmp key ******** address 10.10.129.5 netmask 255.255.255.0
    > isakmp key ******** address 10.10.247.154 netmask 255.255.255.0
    > isakmp key ******** address 10.10.34.43 netmask 255.255.255.0
    >
    > isakmp identity address
    > isakmp keepalive 10 3
    > isakmp policy 1 authentication pre-share
    > isakmp policy 1 encryption 3des
    > isakmp policy 1 hash md5
    > isakmp policy 1 group 1
    > isakmp policy 1 lifetime 86400
     
    mcaissie, Jul 13, 2004
    #2
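
The behaviour described in the reply above (policies are global and a peer simply lands on whichever one it shares) can be modelled as follows. This is an added example, not code from the thread or from Cisco: the matching is simplified to the four negotiated attributes with lifetime ignored, and the peer offers, including the name `mismatched-peer`, are constructed for illustration.

```python
import re

# Constructed input: the two policies from the reply above.
LOCAL_CONFIG = """\
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 86400
"""
MATCH_KEYS = ("authentication", "encryption", "hash", "group")
LINE_RE = re.compile(r"^\s*isakmp policy (\d+) (\w+) (\S+)\s*$")


def parse_policies(config):
    """Return {priority: {attribute: value}} from 'isakmp policy' lines."""
    policies = {}
    for line in config.splitlines():
        m = LINE_RE.match(line)
        if m:
            policies.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return policies


def select_policy(local, proposals):
    """Simplified phase 1 matching (lifetime ignored): return the first local
    priority, lowest number first, that equals a peer proposal, else None."""
    for prio in sorted(local):
        for proposal in proposals:
            if all(local[prio].get(k) == proposal.get(k) for k in MATCH_KEYS):
                return prio
    return None


# Hypothetical peer offers (constructed): group 1, group 2, and a hash mismatch.
BASE = {"authentication": "pre-share", "encryption": "3des", "hash": "md5"}
PEER_OFFERS = {
    "10.10.129.5": [dict(BASE, group="1")],
    "10.10.34.43": [dict(BASE, group="2")],
    "mismatched-peer": [dict(BASE, hash="sha", group="2")],
}

if __name__ == "__main__":
    for peer, offers in PEER_OFFERS.items():
        print(peer, "->", select_policy(parse_policies(LOCAL_CONFIG), offers))
```

A `None` result corresponds to a phase 1 failure: no crypto map setting changes that outcome, because the policy list is not tied to any map entry.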