We need to create a "Non-Meraki VPN Peer" between an MX68 and a Cisco 1841 router. The trick is, this router already hosts multiple IPSec tunnels to other Cisco routers using Tunnel interfaces and a single public interface.
Is it possible to create a "Non-Meraki VPN Peer" between the MX68 and C1841 while keeping the current tunnels active?
All resources show a physical interface on the non-Meraki appliance with a public IP that the IPSec/Crypto configurations are applied to. Doing so would break our current tunnels, however. Sample router config below.
object-group network REMOTE
 host X.X.X.X
 host Y.Y.Y.Y
!
crypto isakmp policy 5
 encr aes 192
 authentication pre-share
 group 14
crypto isakmp key KEY address X.X.X.X
crypto isakmp key KEY address Y.Y.Y.Y
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set VTI esp-aes 192 esp-sha-hmac
!
crypto ipsec profile PROF1
 set transform-set VTI
!
!
interface Tunnel0
 ip address 10.255.255.62 255.255.255.252
 ip tcp adjust-mss 1380
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination X.X.X.X
 tunnel protection ipsec profile PROF1
!
interface Tunnel1
 ip address 10.255.252.62 255.255.255.252
 ip tcp adjust-mss 1380
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination Y.Y.Y.Y
 tunnel protection ipsec profile PROF1
!
interface FastEthernet0/0
 ip address Z.Z.Z.Z 255.255.255.248
 ip access-group OUTSIDE in
 no ip redirects
 no ip unreachables
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
!
router eigrp 55555
 network 10.255.252.60 0.0.0.3
 network 10.255.255.60 0.0.0.3
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface Tunnel1
!
!
ip route X.X.X.X 255.255.255.255 Z.Z.Z.Y name TUN0
ip route Y.Y.Y.Y 255.255.255.255 Z.Z.Z.Y name TUN1
ip tacacs source-interface Loopback0
ip access-list extended OUTSIDE
 permit esp object-group REMOTE host Z.Z.Z.Z
 permit udp object-group REMOTE host Z.Z.Z.Z eq isakmp
 permit udp object-group REMOTE host Z.Z.Z.Z eq non500-isakmp
 deny ip any any