Hello Everybody,
As I'm not so skilled in adding VPN tunnels, could anybody give me some help understanding my configuration?
I already have an IPsec tunnel working with a site (let's name it SITEA).
In my config I have:
...
access-list acl-sitea extended permit ip 10.159.1.0 255.255.255.0 host sitea_private_adress
access-list acl-sitea extended permit ip 10.159.10.0 255.255.255.0 host sitea_private_adress
access-list acl-nonat extended permit ip 10.159.1.0 255.255.255.0 host sitea_private_adress
access-list acl-nonat extended permit ip 10.159.10.0 255.255.255.0 host sitea_private_adress
...
nat (inside) 0 access-list acl-nonat
...
crypto ipsec transform-set t_sitea esp-3des esp-md5-hmac
...
crypto map vpn-all 3 match address acl-sitea
crypto map vpn-all 3 set peer sitea_public_adress
crypto map vpn-all 3 set transform-set t_sitea
crypto map vpn-all interface outside
...
crypto isakmp enable outside
...
crypto isakmp policy 3
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 600
...
crypto isakmp nat-traversal 20
...
tunnel-group sitea_public_adress type ipsec-l2l
tunnel-group sitea_public_adress ipsec-attributes
 pre-shared-key *
...
This config works fine at this moment.
Now I have to add a second tunnel to another site, say SITEB.
I'll have to add the access-lists:
access-list acl-sitea extended permit ip 10.159.1.0 255.255.255.0 host siteb_private_adress
access-list acl-sitea extended permit ip 10.159.10.0 255.255.255.0 host siteb_private_adress
access-list acl-nonat extended permit ip 10.159.1.0 255.255.255.0 host siteb_private_adress
access-list acl-nonat extended permit ip 10.159.10.0 255.255.255.0 host siteb_private_adress
and then the transform set of this site, in this case:
crypto ipsec transform-set t_siteb esp-3des esp-sha-hmac
and now I have trouble with the crypto map... Do I enter:
crypto map vpn-all 4 ...
or
crypto map vpn_b 3
I do not really know if I have to take the same name and change the number, or if I have to change the name for a second tunnel. Can somebody tell me?
Also, about the policy, is there a link between the policy 3 in my example and number 3 in my crypto map config? If not, how is the link done between the SITEA config and the policy used at this moment?
If SITEB gives me another policy, how can I make the link between the policy (say 4) and the crypto map config?
Thanks a lot for your advice.
Best regards,
Johan