Solved: ASA two crypto tunnels with two ISPs

Anthonize Rajaratne · ‎08-02-2017

Hello,

I have a quick question.

Is it must to create two transformer sets for each crypto-map policies? or can I use already configured and being used in first crypto map transformer set to second crypto map policy? I have typed an example below.

crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto map Outside-ATT1-crypto-map 1 match address ACL-1

crypto map Outside-ATT1-crypto-map 1 set peer 10.10.10.1

crypto map Outside-ATT1-crypto-map 1 set ikev1 transform-set ESP-AES-256-SHA

crypto map Outside-ATT1-crypto-map 1 set security-association lifetime seconds 28800

crypto ikev1 enable outside-ATT1

crypto map Outside-ATT-crypto-map interface outside-ATT1

-----------------------

crypto map Outside-ATT2-crypto-map 1 match address ACL-2

crypto map Outside-ATT2-crypto-map 1 set peer 10.10.10.2

crypto map Outside-ATT2-crypto-map 1 set ikev1 transform-set ESP-AES-256-SHA

crypto map Outside-ATT2-crypto-map 1 set security-association lifetime seconds 28800

crypto ikev1 enable outside-ATT2

crypto map Outside-ATT-crypto-map interface outside-ATT2

Thank you in advanced.

Anthonize

Dinesh Moudgil · ‎08-02-2017

Hi Anthonize,

You can use same transform set multiple times in different crypto map sequence.

Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

Dinesh Moudgil · ‎08-02-2017

Hi Anthonize,

You can use same transform set multiple times in different crypto map sequence.

Regards
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Anthonize Rajaratne · ‎08-04-2017

Thanks Dinesh.