
ASA VPN tunnel

Hello Experts,

Can we use the same policy and transform-set for multiple tunnels?

E.g., I have created one policy and one transform-set on the router (IKEv1).

I plan to add multiple crypto maps for different customers and separate interesting ACLs in the encryption domain.

Will it work?

Also, what is meant by cipher? I have come across it while reading the encryption document.

Regards,

Sathish

Accepted Solutions

bhargavdesai
You can use the same ISAKMP policy and transform set (Phase 1 & 2) to secure multiple VPN tunnels. You do need to configure a different ACL for interesting traffic and a different peer IP configuration. You can even use the same pre-shared key, but you should use a different one for security reasons. You can only apply one crypto map per interface, so you need to create a single crypto map with multiple sequence numbers for different customers.
The link below might help you.

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html



HTH
### RATE ALL HELPFUL RESPONSES ###
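
The layout described in this answer, written out as a Cisco IOS router (IKEv1) configuration. This is an added example, not part of the original post: the peer addresses, subnets, algorithm choices, interface and the names CMAP, TS-SHARED, VPN-CUST-A and VPN-CUST-B are constructed, and the pre-shared keys are placeholders.

```cisco
! Phase 1: one ISAKMP policy shared by every peer
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
!
! A different pre-shared key per customer peer (placeholders)
crypto isakmp key <PSK-CUSTOMER-A> address 198.51.100.10
crypto isakmp key <PSK-CUSTOMER-B> address 203.0.113.20
!
! Phase 2: one transform set referenced by every crypto map entry
crypto ipsec transform-set TS-SHARED esp-aes 256 esp-sha-hmac
 mode tunnel
!
! One interesting-traffic ACL per customer (constructed subnets)
ip access-list extended VPN-CUST-A
 permit ip 10.10.0.0 0.0.255.255 172.16.10.0 0.0.0.255
ip access-list extended VPN-CUST-B
 permit ip 10.10.0.0 0.0.255.255 172.16.20.0 0.0.0.255
!
! A single crypto map; each customer is its own sequence number
crypto map CMAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set transform-set TS-SHARED
 match address VPN-CUST-A
crypto map CMAP 20 ipsec-isakmp
 set peer 203.0.113.20
 set transform-set TS-SHARED
 match address VPN-CUST-B
!
! Only one crypto map can be applied to the interface
interface GigabitEthernet0/0
 crypto map CMAP
```

`show crypto isakmp sa` and `show crypto ipsec sa` show whether each peer's Phase 1 and Phase 2 security associations came up under its own sequence entry.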


Also, a cipher is the algorithm used for encrypting and decrypting. In a VPN you have two ciphers or encryptions: the first one is for the tunnel management (ISAKMP), the second encryption is for the data traffic (IPsec).

--
Please remember to select a correct answer and rate helpful posts


Yes, you can do this. In fact, it is a good practice, as this keeps configuration clutter to a minimum.

Thanks for the information
