Configuration setup. Site-to-site VPN.

   /----- ISP 1
R1 -------ISP 2      ISP 3 --- R3

Physical Interfaces:
R1 has 2 interfaces connected to 2 ISPs.
R3 has 1 interface connected to 1 ISP.

Logical:
R1 has 2 IPSEC encapsulated GRE tunnels to R3. 1 Single Endpoint.
R3 has 2 IPSEC encapsulated GRE tunnels to R1. 2 different Endpoints.

The problem:
Getting R1 to forward IPSEC traffic to separate ISPs according to Source, since the destination is the same (R3).

I tried routemap (see R1 config) but IPSEC is performed after routemap. The 2 IPSEC tunnel traffic (i.e. from 100.100.100.1 to 50.50.50.3 and 200.200.200.1 to 50.50.50.3) both go to one ISP or the other if I have a default route in there.

How do I get traffic from 100.100.100.1 to go to ISP 1, and from 200.200.200.1 to go to ISP 2?

######### R1 Router. 2 ISP interfaces. 2 Tunnel interfaces.

!
version 12.3
!
hostname R1
!
!
ip subnet-zero
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key abc123 address 50.50.50.50
!
!
crypto ipsec transform-set myTrans esp-3des esp-md5-hmac
!
crypto map myMap local-address Ethernet1/0
crypto map myMap 1 ipsec-isakmp
 set peer 50.50.50.3
 set transform-set myTrans
 match address 100
!
crypto map myMap2 local-address Ethernet1/1
crypto map myMap2 1 ipsec-isakmp
 set peer 50.50.50.3
 set transform-set myTrans
 match address 101
!
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface Tunnel0
 ip address 192.168.10.1 255.255.255.0
 keepalive 10 3
 tunnel source Loopback0
 tunnel destination 192.168.1.3
 crypto map myMap
!
interface Tunnel1
 ip address 192.168.20.1 255.255.255.0
 keepalive 10 3
 tunnel source Loopback0
 tunnel destination 192.168.2.3
 crypto map myMap2
!
interface Ethernet0/0
 description R1 Internal LAN
 ip address 20.20.20.0 255.255.255.0
 half-duplex
!
!
interface Ethernet1/0
 ip address 100.100.100.1 255.255.255.0
 half-duplex
 crypto map myMap
!
interface Ethernet1/1
 ip address 200.200.200.1 255.255.255.0
 half-duplex
 crypto map myMap2
!
ip local policy route-map myRoute
!
ip classless
ip route 10.10.10.0 255.255.255.0 Tunnel0
ip route 10.10.10.0 255.255.255.0 Tunnel1
ip route 10.10.10.0 255.255.255.0 Null0 150
ip route 192.168.1.3 255.255.255.255 Ethernet1/0
ip route 192.168.2.3 255.255.255.255 Ethernet1/1
!
!
access-list 100 permit gre host 192.168.1.1 host 192.168.1.3
access-list 101 permit gre host 192.168.1.1 host 192.168.2.3
!
access-list 188 permit ip host 100.100.100.1 any
access-list 199 permit ip host 200.200.200.1 any
!
route-map myRoute permit 10
 match ip address 188
 set ip next-hop 100.100.100.2
!
route-map myRoute permit 20
 match ip address 199
 set ip next-hop 200.200.200.2
!
!
!
dial-peer cor custom
!
!
line con 0
line aux 0
line vty 0 4
 no login
!
!
end

R1#

######### R2 ISP Router -- Simulating ISP connections.

version 12.3
!
hostname R2
!
!
ip subnet-zero
!
!
interface Ethernet0/0
 description to Router R3
 ip address 50.50.50.2 255.255.255.0
 no ip proxy-arp
 half-duplex
!
interface Ethernet1/0
 description to Router 1 E1/0
 ip address 100.100.100.2 255.255.255.0
 no ip proxy-arp
 half-duplex
!
interface Ethernet1/1
 description to Router 1 E1/1
 ip address 200.200.200.2 255.255.255.0
 no ip proxy-arp
 half-duplex
!
ip classless
!
!
!
line con 0
line aux 0
line vty 0 4
end

R2#

######### R3 Router - Single ISP connection. Two tunnel interfaces.

version 12.3
!
hostname R3
!
!
ip subnet-zero
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key abc123 address 100.100.100.1
crypto isakmp key abc123 address 200.200.200.1
!
!
crypto ipsec transform-set myTrans esp-3des esp-md5-hmac
!
crypto map myMap local-address Ethernet1/0
crypto map myMap 10 ipsec-isakmp
 set peer 100.100.100.1
 set transform-set myTrans
 match address 100
crypto map myMap 20 ipsec-isakmp
 set peer 200.200.200.1
 set transform-set myTrans
 match address 101
!
!
!
interface Loopback0
 ip address 192.168.1.3 255.255.255.255
!
interface Loopback1
 ip address 192.168.2.3 255.255.255.255
!
interface Tunnel0
 ip address 192.168.10.3 255.255.255.0
 keepalive 10 3
 tunnel source Loopback0
 tunnel destination 192.168.1.1
 crypto map myMap
!
interface Tunnel1
 ip address 192.168.20.3 255.255.255.0
 keepalive 10 3
 tunnel source Loopback1
 tunnel destination 192.168.1.1
 crypto map myMap
!
interface Ethernet0/0
 description to Internal LAN
 ip address 10.10.10.1 255.255.255.0
 half-duplex
!
interface Ethernet1/0
 ip address 50.50.50.3 255.255.255.0
 half-duplex
 crypto map myMap
!
!
ip classless
ip route 20.20.20.0 255.255.255.0 Tunnel0
ip route 20.20.20.0 255.255.255.0 Tunnel1
ip route 192.168.1.1 255.255.255.255 Ethernet1/0
!
!
access-list 100 permit gre host 192.168.1.3 host 192.168.1.1
access-list 101 permit gre host 192.168.2.3 host 192.168.1.1
!
!
line con 0
line aux 0
line vty 0 4
!
end

R3#

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74173&t=74173
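
An added example, not part of the original post: a Python consistency check run over an excerpt of the IKE/IPsec lines of the R1 config above, copied into the script as sample input. It reports crypto map peers that have no matching `crypto isakmp key ... address` entry and flags legacy algorithms; the helper name `audit_crypto` is hypothetical.

```python
import re

# Sample input: excerpt of the IKE/IPsec lines of the R1 config as posted above.
R1_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key abc123 address 50.50.50.50
crypto ipsec transform-set myTrans esp-3des esp-md5-hmac
crypto map myMap 1 ipsec-isakmp
 set peer 50.50.50.3
crypto map myMap2 1 ipsec-isakmp
 set peer 50.50.50.3
"""

# Algorithms generally considered legacy for IKE/IPsec.
LEGACY = [
    (r"^\s+encr (des|3des)$", "IKE encryption"),
    (r"^\s+hash (md5)$", "IKE hash"),
    (r"^\s+group ([125])$", "IKE DH group"),
]

def audit_crypto(config):
    """Hypothetical helper: return sorted findings for an IOS crypto config."""
    keys = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
    findings, current_map = set(), None
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) \d+ ipsec-isakmp", line)
        if m:
            current_map = m.group(1)
        elif not line.startswith(" "):
            current_map = None  # left crypto map sub-mode
        peer = re.match(r"\s+set peer (\S+)", line)
        # A key with address 0.0.0.0 is a wildcard that matches any peer.
        if peer and current_map and not ({peer.group(1), "0.0.0.0"} & keys):
            findings.add(f"{current_map}: no pre-shared key for peer {peer.group(1)}")
        for pattern, label in LEGACY:
            hit = re.match(pattern, line)
            if hit:
                findings.add(f"legacy {label}: {hit.group(1)}")
        if line.startswith("crypto ipsec transform-set"):
            for t in re.findall(r"esp-(?:3des|des|md5-hmac)\b", line):
                findings.add(f"legacy IPsec transform: {t}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_crypto(R1_CONFIG)))
```
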