Paul, Instead of using different names for your crypto maps you can simply use the same name with different numbers pointing to different ip addresses at you remote peer:
crypto ipsec transform-set VPNSET esp-des esp-sha-hmac crypto map VPNMAP 10 ipsec-isakmp crypto map VPNMAP 10 match address vpn1 crypto map VPNMAP 10 set peer 123.213.123.1 crypto map VPNMAP 10 set transform-set VPNSET crypto map VPNMAP 20 ipsec-isakmp crypto map VPNMAP 20 match address vpn2 crypto map VPNMAP 20 set peer 213.123.123.1 crypto map VPNMAP 20 set transform-set VPNSET crypto map VPNMAP 30 ipsec-isakmp crypto map VPNMAP 30 match address vpn3 crypto map VPNMAP 30 set peer 321.123.321.1 crypto map VPNMAP 30 set transform-set VPNSET crypto map VPNMAP interface outside You might also want to download the .pdf form of the PIX manual frm CCO. It's much more comprehensive than what comes with a PIX out of the box. There are some good examples of setups similar to what you're doing in there. Hope this helps. David Armstrong ""Paul"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > How do I apply two different crypto maps to the same interface ??? > > I have two crypto maps ... bmw and ferarri ..... > > However, if I apply the bmw crypto map to the oustside interface this > removes the ferarri crypto map from the outside interface .. and vice versa > ... > > Regards > > Paul ... > > ----- Original Message ----- > From: "Mark W. Odette II" > To: > Sent: Thursday, September 12, 2002 6:52 AM > Subject: RE: PIX to PIX ISAKMP Policy ... [7:53082] > > > > Heed the warning... That little tip came a little too late for me a > > while back and it bit me in the butt hard. I had to wait until the next > > morning to get someone at the remote location to give the PIX the ol' > > 'boot. > > > > -Mark > > > > -----Original Message----- > > From: David Armstrong [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, September 11, 2002 8:55 AM > > To: [EMAIL PROTECTED] > > Subject: Re: PIX to PIX ISAKMP Policy ... [7:53082] > > > > Paul, > > > > You can have the same isakmp policy and the same crypto ipsec > > transform-set > > for all of your ipsec vpn's but will need to define a new crypto map and > > access-list. Remember to run isakmp disable outside BEFORE making > > configuration changes to your interface or you could lock up the PIX. > > > > David Armstrong > > > > ""Paul"" wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Hi .. > > > > > > I have setup site to site from a 506 to a 515 .... this all works > > fine > > ... > > > I now want to set up another site site from a 501 to the same 515 ... > > > > > > When doing so ... can I use the same ISAKMP policy that I already > > created > > on > > > the 515 PIX ??? > > > If so ... do I just add another 'ISAKMP key **** address' line ??? > > > > > > I guess that I would have to create another 'crypto ipsec > > transform-set' > > !! > > > > > > Has anyone done anything similiar to this ???? > > > > > > Regards > > > > > > Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53206&t=53082 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
