Configuring multiple site-to-site VPNs on a single ASA

Waterbird
Level 1

I'm using an ASA 5506X and I wish to configure two site-to-site VPN tunnels, which go to two other sites with their own ASAs.

 

But the second VPN is not accepting the final configuration step of applying the crypto map to the outside interface.

 

Why not?

Accepted Solutions

Without seeing your configuration or the exact error I can only guess.


You can only have one crypto map attached to an interface; they are differentiated by the use of sequence numbers.

 

E.g:-
crypto map CRYPTO-MAP 1 match address R2_VPN
crypto map CRYPTO-MAP 1 set pfs group2
crypto map CRYPTO-MAP 1 set peer 1.1.1.1
crypto map CRYPTO-MAP 1 set ikev1 transform-set VPN-TRANSFORM
crypto map CRYPTO-MAP 2 match address R4_VPN
crypto map CRYPTO-MAP 2 set pfs group2
crypto map CRYPTO-MAP 2 set peer 3.3.3.1
crypto map CRYPTO-MAP 2 set ikev1 transform-set VPN-TRANSFORM
crypto map CRYPTO-MAP interface OUTSIDE

 

If this does answer your question please provide your configuration and the exact error you receive.

 

HTH
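
The one-map-per-interface rule from the accepted answer, turned into a pre-change check (an added example, not part of the original post and not Cisco tooling). `audit`, the sample strings and the map name `SECOND-MAP` are hypothetical; the parser only understands the crypto map commands shown in this thread plus `set ikev2 ipsec-proposal`.

```python
import re
from collections import defaultdict

# The accepted answer's layout (pfs lines omitted): one map, two sequence numbers.
GOOD = """\
crypto map CRYPTO-MAP 1 match address R2_VPN
crypto map CRYPTO-MAP 1 set peer 1.1.1.1
crypto map CRYPTO-MAP 1 set ikev1 transform-set VPN-TRANSFORM
crypto map CRYPTO-MAP 2 match address R4_VPN
crypto map CRYPTO-MAP 2 set peer 3.3.3.1
crypto map CRYPTO-MAP 2 set ikev1 transform-set VPN-TRANSFORM
crypto map CRYPTO-MAP interface OUTSIDE
"""
# Constructed variant: the second tunnel gets its own map (hypothetical SECOND-MAP).
BAD = (GOOD.replace("CRYPTO-MAP 2", "SECOND-MAP 1")
       + "crypto map SECOND-MAP interface OUTSIDE\n")

ENTRY = re.compile(r"crypto map (\S+) (\d+) (match address|set peer|"
                   r"set ikev[12] (?:transform-set|ipsec-proposal))\s+\S+")
BIND = re.compile(r"crypto map (\S+) interface (\S+)")
REQUIRED = ("match address", "set peer", "proposal")

def audit(config):
    """Return findings for a candidate ASA crypto-map configuration."""
    entries = defaultdict(set)   # (map name, sequence) -> settings present
    bound = defaultdict(list)    # interface -> map names bound to it
    for line in map(str.strip, config.splitlines()):
        if m := BIND.match(line):
            bound[m.group(2)].append(m.group(1))
        elif m := ENTRY.match(line):
            kind = "proposal" if m.group(3).startswith("set ikev") else m.group(3)
            entries[(m.group(1), int(m.group(2)))].add(kind)
    findings = []
    for iface, maps in bound.items():
        if len(set(maps)) > 1:
            findings.append(f"{iface}: {len(set(maps))} crypto maps bound "
                            f"({', '.join(maps)}); only one can be attached")
    attached = {name for maps in bound.values() for name in maps}
    for name in sorted({n for n, _ in entries} - attached):
        findings.append(f"{name}: defined but not attached to any interface")
    for (name, seq), seen in sorted(entries.items()):
        for missing in (r for r in REQUIRED if r not in seen):
            findings.append(f"{name} {seq}: missing '{missing}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(BAD)))
```

An empty result for `GOOD` and a finding for `BAD` show the difference between adding a sequence number to the existing map and creating a second map for the same interface.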

2 Replies

You can also configure route-based VPNs where all this crypto-map complexity is not needed any more:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-vti.html

I would always prefer this VPN-style if supported by the devices.
