cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


195
Views
0
Helpful
2
Replies

ASA two crypto tunnels with two ISPs

Hello, 

I have a quick question.

Is it must to create two transformer sets for each crypto-map policies? or can I use already configured and being used in first crypto map transformer set to second crypto map policy? I have typed an example below. 

crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 

crypto map Outside-ATT1-crypto-map 1 match address ACL-1

crypto map Outside-ATT1-crypto-map 1 set peer 10.10.10.1

crypto map Outside-ATT1-crypto-map 1 set ikev1 transform-set ESP-AES-256-SHA

crypto map Outside-ATT1-crypto-map 1 set security-association lifetime seconds 28800

crypto ikev1 enable outside-ATT1

crypto map Outside-ATT-crypto-map interface outside-ATT1

-----------------------

crypto map Outside-ATT2-crypto-map 1 match address ACL-2

crypto map Outside-ATT2-crypto-map 1 set peer 10.10.10.2

crypto map Outside-ATT2-crypto-map 1 set ikev1 transform-set ESP-AES-256-SHA

crypto map Outside-ATT2-crypto-map 1 set security-association lifetime seconds 28800

crypto ikev1 enable outside-ATT2

crypto map Outside-ATT-crypto-map interface outside-ATT2

Thank you in advanced. 

Anthonize

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi Anthonize,

Hi Anthonize,

You can use same transform set multiple times in different crypto map sequence.

Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

2 REPLIES 2
Cisco Employee

Hi Anthonize,

Hi Anthonize,

You can use same transform set multiple times in different crypto map sequence.

Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

Highlighted

Thanks Dinesh.

Thanks Dinesh.