Multiple isakmp policies (Group 1 and Group 2)
Posted by rmcnutt on July 13th, 2004


I have three VPN tunnels using one isakmp policy with group 1. I need
to add a fourth using group 2, i.e. "isakmp policy 1 group 2". How do I
apply the second isakmp policy to a new crypto map?

The IP addresses have been changed to protect their anonymity.

Robert

crypto ipsec transform-set strong esp-3des esp-md5-hmac
crypto map gnsc 10 ipsec-isakmp
crypto map gnsc 10 match address 103
crypto map gnsc 10 set peer 10.10.129.5
crypto map gnsc 10 set transform-set strong
crypto map gnsc 20 ipsec-isakmp
crypto map gnsc 20 match address 104
crypto map gnsc 20 set peer 10.10.206.141
crypto map gnsc 20 set transform-set strong
crypto map gnsc 30 ipsec-isakmp
crypto map gnsc 30 match address 105
crypto map gnsc 30 set peer 10.10.247.154
crypto map gnsc 30 set transform-set strong
crypto map gnsc 40 ipsec-isakmp
crypto map gnsc 40 match address 104
crypto map gnsc 40 set peer 10.10.34.43
crypto map gnsc 40 set transform-set strong
crypto map gnsc interface outside
isakmp enable outside
isakmp key ******** address 10.10.206.141 netmask 255.255.255.0
isakmp key ******** address 10.10.129.5 netmask 255.255.255.0
isakmp key ******** address 10.10.247.154 netmask 255.255.255.0
isakmp key ******** address 10.10.34.43 netmask 255.255.255.0

isakmp identity address
isakmp keepalive 10 3
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400

Posted by mcaissie on July 13th, 2004


You just have to create a second policy:

isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 86400

Both peers must agree on an identical isakmp policy, but you can have more
than one configured on a single device. And you don't need to specifically
link the policy to the crypto-map.
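
Why no per-crypto-map binding is needed, as an added example (not from either poster and not Cisco code): a simplified Python model of the phase 1 policy search as Cisco documents it, where the responder accepts the first proposal with identical authentication, encryption, hash and group and a lifetime no shorter than its own. The remote peers' policies, their priority number 10 and the 28800 lifetime are constructed for illustration.

```python
import re

# Constructed input: the two policies from the answer above, PIX-style syntax.
LOCAL_CONFIG = """\
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption 3des
isakmp policy 2 hash md5
isakmp policy 2 group 2
isakmp policy 2 lifetime 86400
"""
MATCH_KEYS = ("authentication", "encryption", "hash", "group")

def parse_policies(config):
    """Return {priority: {attribute: value}} from 'isakmp policy N attr value' lines."""
    policies = {}
    for m in re.finditer(r"^isakmp policy (\d+) (\S+) (\S+)[ \t]*$", config, re.M):
        policies.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return policies

def negotiate(initiator, responder):
    """Model of the phase 1 policy search: the responder walks its own policies
    from lowest number (highest priority) and accepts the first proposal whose
    four MATCH_KEYS are identical and whose lifetime is not shorter than its own.
    Returns (initiator_priority, responder_priority, lifetime) or None."""
    for r_prio in sorted(responder):
        r = responder[r_prio]
        for i_prio in sorted(initiator):
            i = initiator[i_prio]
            same = all(i.get(k) == r.get(k) for k in MATCH_KEYS)
            if same and int(r.get("lifetime", 86400)) <= int(i.get("lifetime", 86400)):
                return i_prio, r_prio, int(r.get("lifetime", 86400))
    return None

local = parse_policies(LOCAL_CONFIG)
# Hypothetical remote peers: the existing tunnels use group 1, the new one group 2.
group1_peer = {10: dict(local[1])}
group2_peer = {10: dict(local[2], lifetime="28800")}

if __name__ == "__main__":
    print("group 1 peer:", negotiate(local, group1_peer))
    print("group 2 peer:", negotiate(local, group2_peer))
    print("group 2 peer, policy 1 only:", negotiate({1: local[1]}, group2_peer))
```

With only policy 1 configured, the group 2 peer gets no match and phase 1 fails; once policy 2 exists, the same peer matches it regardless of which crypto map entry names that peer.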

