Multiple VPN tunnels with Cisco ASA firewall?

jasonroy1565
Level 1

Hello Cisco Community! Can I configure multiple site-to-site VPN tunnels between a single Cisco ASA firewall and multiple remote locations? If so, what are the prerequisites, considerations, and best practices for setting up and managing these VPN tunnels? Thank you for your assistance!


Blue_Bird
VIP

Hello Jasonroy1565,

You can do multiple site-to-site VPN tunnels. Here are the prerequisites:

Prerequisites/Requirements


Cisco recommends that you have knowledge of these topics:

  • Cisco Adaptive Security Appliance (ASA)
  • Basic Linux Commands
  • General IPSec concepts

Components Used

The information in this document is based on these versions:

  • Cisco ASAv running 9.12(3)9
  • Ubuntu 20.04 running strongSwan U5.8.2

Typically, you would have a crypto map applied to the internet facing interface. Each crypto map entry has a sequence number. You would simply create all of the necessary configuration (tunnel-group for the remote peer IP, ACL to define interesting traffic, etc.) and increment the crypto map entry.

 

Example:
! Entry 1: the tunnel-group name must be the peer address set in this entry
crypto map outside_map 1 match address s2s_VPN_1
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 10.0.0.2
crypto map outside_map 1 set transform-set ESP_3DES_SHA

tunnel-group 10.0.0.2 type ipsec-l2l
tunnel-group 10.0.0.2 ipsec-attributes
 ikev1 pre-shared-key Some-Secure-Key$

! Entry 2: next sequence number, its own ACL, peer and tunnel-group
crypto map outside_map 2 match address s2s_VPN_2
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 10.0.0.6
crypto map outside_map 2 set transform-set ESP_3DES_SHA

tunnel-group 10.0.0.6 type ipsec-l2l
tunnel-group 10.0.0.6 ipsec-attributes
 ikev1 pre-shared-key Some_Secure_Key2$

Best regards
******* If This Helps, Please Rate *******
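
A consistency check for the crypto map pattern described in the reply above, as an added example that is not part of the original post and not Cisco tooling: it parses a saved ASA configuration and reports crypto map entries missing an ACL, peer or transform set, peers with no ipsec-l2l tunnel-group of the same name, an ACL reused by two entries of one map, and tunnel-groups no entry points at. The sample configuration is constructed, `lint` is a hypothetical name, and only the first address after `set peer` is read.

```python
import re
from collections import defaultdict

# Constructed sample config (not from a real device). Entry 2 reuses entry 1's
# ACL, has no transform set, and its peer has no tunnel-group of the same name.
SAMPLE = """\
crypto map outside_map 1 match address s2s_VPN_1
crypto map outside_map 1 set peer 10.0.0.2
crypto map outside_map 1 set transform-set ESP_3DES_SHA
tunnel-group 10.0.0.2 type ipsec-l2l
tunnel-group 10.0.0.2 ipsec-attributes
 ikev1 pre-shared-key EXAMPLE_KEY_1
crypto map outside_map 2 match address s2s_VPN_1
crypto map outside_map 2 set peer 10.0.0.6
tunnel-group 4.5.6.7 type ipsec-l2l
tunnel-group 4.5.6.7 ipsec-attributes
 ikev1 pre-shared-key EXAMPLE_KEY_2
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer|set transform-set) (\S+)")
TG_L2L = re.compile(r"^tunnel-group (\S+) type ipsec-l2l")

def lint(config):
    """Return a list of findings for the site-to-site entries in an ASA config."""
    entries = defaultdict(dict)  # (map name, sequence) -> {keyword: value}
    l2l_groups, findings, acl_seen = set(), [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := ENTRY.match(line):
            entries[(m[1], int(m[2]))][m[3]] = m[4]
        elif m := TG_L2L.match(line):
            l2l_groups.add(m[1])
    for (name, seq), e in sorted(entries.items()):
        tag = f"{name} {seq}"
        for need in ("match address", "set peer", "set transform-set"):
            if need not in e:
                findings.append(f"{tag}: missing '{need}'")
        peer = e.get("set peer")
        if peer and peer not in l2l_groups:
            findings.append(f"{tag}: no ipsec-l2l tunnel-group named {peer}")
        acl = e.get("match address")
        if acl and (name, acl) in acl_seen:  # lower sequence matches first
            findings.append(f"{tag}: ACL {acl} already used by entry {acl_seen[(name, acl)]}")
        elif acl:
            acl_seen[(name, acl)] = seq
    peers = {e.get("set peer") for e in entries.values()}
    for group in sorted(l2l_groups - peers):
        findings.append(f"tunnel-group {group}: no crypto map entry peers with it")
    return findings
```

Running `lint` over the output of `show running-config` saved to a file, after each new tunnel is added, catches a peer and tunnel-group that have drifted apart before the tunnel fails to negotiate.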