Hi all,
Below is the configuration for a VPN that I have constructed on our network.
access-list 66 permit ip 195.224.52.0 255.255.255.224 165.44.132.0 255.255.255.0
crypto ipsec transform-set BOA esp-3des esp-sha-hmac
crypto map BOA 166 ipsec-isakmp
crypto map BOA 166 match address 66
crypto map BOA 166 set pfs group2
crypto map BOA 166 set peer 171.192.4.30
crypto map BOA 166 set transform-set BOA
crypto map BOA interface outside
isakmp enable outside
isakmp key ******** address 171.192.4.30 netmask 255.255.255.255
isakmp identity address
isakmp keepalive 2880
isakmp policy 203 authentication pre-share
isakmp policy 203 encryption 3des
isakmp policy 203 hash sha
isakmp policy 203 group 2
isakmp policy 203 lifetime 86400
The issue I am having is that we are trying to put in place a failover VPN for this. All the settings will be the same but will be coming from a different location.
I added another set peer line with the new IP address and another isakmp key for the new address.
When I put this in place, the failover works but the original VPN stops working; when I take these two lines out, the original VPN works again. Can anyone help as to why this is happening? I thought I could add multiple peers and give the peer a different key, but it seems to take over the VPN. Any ideas will be much appreciated.
Regards all