https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080182#M1069893 <P>I was asking if we can apply two different crypto map names to same interface?</P><P>for example</P><P>&nbsp;</P><P><SPAN>crypto map&nbsp; test1</SPAN></P><P><SPAN>crypto map&nbsp; test 2&nbsp;</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 06 May 2020 03:31:26 GMT mahesh18 2020-05-06T03:31:26Z https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080119#M1069886 <P>Hi everyone,</P><P>&nbsp;</P><P>Seems on Cisco ASA 8.2 we have remote vpn configured with crypto&nbsp; map name VPN.</P><P>I did config for site to site IPSEC tunnel with new crypto map name L2L.</P><P>&nbsp;</P><P>When i apply this new crypto map to the outside interface then old crypto map VPN was no longer applied to the</P><P>outside interface.</P><P>&nbsp;</P><P>Need to confirm if this is by design?</P><P>&nbsp;</P><P>Old crypto map policy number is 10</P><P>new crypto map plicy number was 20</P><P>&nbsp;</P><P>Regards</P><P>Mahesh&nbsp;</P><P>&nbsp;</P> Wed, 06 May 2020 00:14:41 GMT https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080119#M1069886 mahesh18 2020-05-06T00:14:41Z https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080169#M1069892 <P>Hello.</P><P>&nbsp;</P><P>Yes, you can do this - but you need to increase&nbsp;sequence number - in my example its 10 and 20.</P><P>&nbsp;</P><P>crypto map WAN_MAP 10 match address 123<BR />crypto map WAN_MAP 10 set peer 3.13.24.2<BR />crypto map WAN_MAP 10 set ikev1 transform-set dessha<BR />crypto map WAN_MAP 10 set security-association lifetime seconds 28800<BR />crypto map WAN_MAP 10 set security-association lifetime kilobytes 4608000<BR />crypto map WAN_MAP 10 set reverse-route<BR />crypto map WAN_MAP 20 match address 11<BR />crypto map WAN_MAP 20 set pfs group14<BR />crypto map WAN_MAP 20 set peer 9.16.43.8<BR />crypto map WAN_MAP 20 set ikev2 ipsec-proposal AES256-SHA512<BR />crypto map WAN_MAP 20 set security-association lifetime seconds 3600<BR />crypto map WAN_MAP 20 set security-association lifetime kilobytes 4608000</P><P>&nbsp;</P><P>crypto map WAN_MAP interface &lt;outside interface name&gt;</P> Wed, 06 May 2020 02:58:05 GMT https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080169#M1069892 kapydan88 2020-05-06T02:58:05Z https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080182#M1069893 <P>I was asking if we can apply two different crypto map names to same interface?</P><P>for example</P><P>&nbsp;</P><P><SPAN>crypto map&nbsp; test1</SPAN></P><P><SPAN>crypto map&nbsp; test 2&nbsp;</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Wed, 06 May 2020 03:31:26 GMT https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080182#M1069893 mahesh18 2020-05-06T03:31:26Z https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080183#M1069894 <P><SPAN>I was asking if we can apply two different crypto map names to same interface? - No.</SPAN></P> Wed, 06 May 2020 03:37:39 GMT https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080183#M1069894 kapydan88 2020-05-06T03:37:39Z https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080201#M1069899 <P>thanks for answering the question.</P><P>Currently we have sequence number 10 and 65535 for remote vpn users.</P><P>&nbsp;</P><P>if i use sequence number 20&nbsp; for IPSEC lan to lan tunnel then it should not cause any issues right?</P> Wed, 06 May 2020 04:41:48 GMT https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080201#M1069899 mahesh18 2020-05-06T04:41:48Z https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080318#M1069903 <P>Only one "crypto map &lt;name&gt;" can be applied to a given interface at one time.</P> <P>As implied, we use sequence numbers within the crypto map to accommodate multiple distinct VPNs.</P> <P>As long as the ACLs for matching ("interesting") traffic don't have any overlaps or conflicts it will work fine.</P> Wed, 06 May 2020 08:28:58 GMT https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080318#M1069903 Marvin Rhoads 2020-05-06T08:28:58Z https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080414#M1069911 <P>Many Thanks Marvin.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 06 May 2020 11:51:59 GMT https://community.cisco.com/t5/network-security/applying-two-crypto-map-to-same-interface-caused-outage/m-p/4080414#M1069911 mahesh18 2020-05-06T11:51:59Z