cisco site to multisite issue

[MaL3aS]

Hi,

I know that this question may have been answered again but because I cannot find it I have to ask it again.

I have a Cisco 851 and I have multiple locations with the same or different hardware. I have successfully connected the first site with IPSEC vpn site to site. Now I need the second location which runs on ASA 5510 version 7 to be connected on the 851 so that I have a site to multisite vpn.

Is this possible?

Thank you

Chris

 

[bobbyforhire]

I don't see why not, both are capable of performing those tasks. are you have an issue or are you just wondering if they can?

 

[MaL3aS]

I don't know how to do it on the 851 I mean add a second IPSEC vpn for the second location

 

[burtsbees]

Yes it can be done---just add another IPSEC policy and specify parameters for it and add that to the interface.

Burt

 

[MaL3aS]

OK my problem is this

On Interface Fastethernet4 I have:
crypto map backhome

Then for Crypto I have:
crypto map backhome 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set GOOD
set pfs group2
match address 114
crypto map backhome 65535 ipsec-isakmp dynamic SDM_DYNMAP_1

In this case only backhome is declared on the interface and I cannot have a second one. How I will make a new crypto map with the new peer?

 

[burtsbees]

Oh I see what you want...no, only one per interface. Sorry.

Burt

 

[Edcrosbys]

Can you create virtual interfaces and setup the tunnels between them?

 

[baddos]

Swap the ASA and the 851 physically and you can do what you want to do. The 851 is a small router, and isn't intended to be used that way.

 

[MaL3aS]

I cannot swap them but what will do is create IPinIP tunnels and get it over with

That can be done right?