I have a Cisco 3640 with an internal interface (192.168.0.1) and an external interface (a.b.c.d). Everything on the internal is NAT to the external with overload. I have an IPSEC tunnel set up between the external and another router. The inside of the other router has an IP of 10.0.0.1. Everything works great. Any machine on the internal network can ping a machine on the remote network (192.168.0.x to 10.0.0.x).

Now, I add another internal interface to the 3640 (192.168.1.1). Set up the NAT with overload just like the first internal interface. Everything works great. Any machine on the second internal can see the internet, but they cannot access 10.0.0.x! My question is, can two internal interfaces access the same IPSEC tunnel?

When I do a SHOW IPSEC CRYPTO SA I get this:

local ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.0.9.0/255.255.255.0/0/0)

There is never a local ident with 192.168.1.0 for the second interface. When I ping from the second interface I get this debug error:

34867: 21:43:56: IP: s=192.168.1.43 (FastEthernet1/0), d=10.0.0.1 (Loopback0), g=1.1.1.3, len 60, forward
34868: 21:43:56: ICMP type=8, code=0
34869: 21:43:56: IP: s=192.168.1.43 (Loopback0), d=10.0.0.1 (FastEthernet1/1), len 60, crypto map check failed.
34870: 21:43:56: ICMP type=8, code=0

Anybody have a solution?
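
An added example, not part of the original post: a short Python check that parses the ident lines from the SA output and the addresses from the failing debug line, both copied exactly as posted, and reports whether any local/remote ident pair covers the packet. The function names and the 192.168.0.10 to 10.0.9.5 comparison packet are constructed for illustration.

```python
import ipaddress
import re

# Copied from the post: SA identities and the failing debug line.
SA_OUTPUT = """\
local ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.0.9.0/255.255.255.0/0/0)
"""
DEBUG_LINE = ("IP: s=192.168.1.43 (Loopback0), d=10.0.0.1 (FastEthernet1/1), "
              "len 60, crypto map check failed.")

IDENT_RE = re.compile(
    r"(local|remote)\s+ident\s+\(addr/mask/prot/port\):\s+"
    r"\((\d+\.\d+\.\d+\.\d+)/(\d+\.\d+\.\d+\.\d+)/\d+/\d+\)")
PACKET_RE = re.compile(r"s=(\d+\.\d+\.\d+\.\d+).*?d=(\d+\.\d+\.\d+\.\d+)")


def parse_selectors(sa_text):
    """Return (local_net, remote_net) pairs, one per local/remote ident pair."""
    pairs, local = [], None
    for kind, addr, mask in IDENT_RE.findall(sa_text):
        net = ipaddress.ip_network(f"{addr}/{mask}")
        if kind == "local":
            local = net
        elif local is not None:
            pairs.append((local, net))
            local = None
    return pairs


def parse_packet(debug_line):
    """Extract (source, destination) addresses from an 'IP: s=... d=...' line."""
    match = PACKET_RE.search(debug_line)
    if match is None:
        raise ValueError("no s=/d= address pair in debug line")
    return tuple(ipaddress.ip_address(a) for a in match.groups())


def covering_selector(src, dst, pairs):
    """Return the first ident pair containing both addresses, else None."""
    for local, remote in pairs:
        if src in local and dst in remote:
            return local, remote
    return None


if __name__ == "__main__":
    selectors = parse_selectors(SA_OUTPUT)
    src, dst = parse_packet(DEBUG_LINE)
    print(src, "->", dst, "covered by:", covering_selector(src, dst, selectors))
```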