Dynamic L2L Tunnels - Different Tunnel Groups

HUB - ASA


crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map mydyn 10 set transform-set myset
crypto map mymap 65535 ipsec-isakmp dynamic mydyn
crypto map mymap interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group [[Spoke1 Tunnel-Group]] type ipsec-l2l
tunnel-group [[Spoke1 Tunnel-Group]] ipsec-attributes
 pre-shared-key [[Spoke1 Pre-Shared Key]]
tunnel-group [[Spoke2 Tunnel-Group]] type ipsec-l2l
tunnel-group [[Spoke2 Tunnel-Group]] ipsec-attributes
 pre-shared-key [[Spoke2 Pre-Shared Key]]

Spoke1 - ASA


access-list interesting extended permit ip [[Spoke1 LAN Subnet]] [[Hub LAN Subnet]]
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map mymap 10 match address interesting
crypto map mymap 10 set peer [[Hub Static IP]]
crypto map mymap 10 set transform-set myset
crypto map mymap 10 set phase1-mode aggressive
crypto map mymap interface outside
crypto isakmp identity key-id [[Spoke1 Tunnel-Group]]
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group [[Hub Static IP]] type ipsec-l2l
tunnel-group [[Hub Static IP]] ipsec-attributes
 pre-shared-key [[Spoke1 Pre-Shared Key]]

Spoke2 - IOS


ip access-list extended interesting
 permit ip [[Spoke2 LAN Subnet]] [[Hub LAN Subnet]]
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp peer address [[Hub Static IP]]
 set aggressive-mode password [[Spoke2 Pre-Shared Key]]
 set aggressive-mode client-endpoint fqdn [[Spoke2 Tunnel-Group]]
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map mymap 10 ipsec-isakmp
 set peer [[Hub Static IP]]
 set transform-set myset
 match address interesting
interface FastEthernet0/0
 crypto map mymap

References:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080bc7d13.shtml



Spoke1 Tunnel-Group:
Spoke1 Pre-Shared Key:
Spoke2 Tunnel-Group:
Spoke2 Pre-Shared Key:
Spoke1 LAN Subnet:
Hub LAN Subnet:
Hub Static IP:
Spoke2 LAN Subnet:

