428 Views | 0 Helpful | 2 Replies

When creating multiple VPN tunnels

Jon Moots, Level 1

I found something that was rather curious when creating a VPN tunnel between one ASA and two opposing-location ASAs. What I am doing is creating 2 tunnels on a single ASA for a three-location loop.

Eg: ASA-a is linked via VPN Tunnel to ASA-b and ASA-c.

My question is this: When creating the isakmp policy, do you have to repeat the same steps over again if you already entered it in for the first tunnel?

Specifically this part:

    crypto isakmp policy 30 authentication pre-share
    crypto isakmp policy 30 encrypt 3des
    crypto isakmp policy 30 hash sha
    crypto isakmp policy 30 group 2
    crypto isakmp policy 30 lifetime 86400


My reason for asking is when I went to enter in this block of code for the second tunnel, I changed the ID number from 20 to 30 as shown above. When I saved the code to memory once I had it in, the error popped up that the isakmp policy was superseded by policy 20.

Everything looks to be in order and there when I do a show, just wondering if I am adding in keyboard work that does not need to be there.


-Jon


Accepted Solution

Jon Marshall, Hall of Fame

Jon

That policy is not tied to any tunnel unlike the phase 2 configuration.

So if you want to use the same settings you only need to enter it once.

The reason for the numbering is so you can have multiple policies and the firewall will run through them in order, i.e. you may have a peer using a different policy than other peers.

But for the same policy you only need to enter it once.

Jon
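To make the distinction concrete, here is an added configuration example (not from the original thread or from Cisco) for the three-site setup described above, using the same pre-8.3 ASA one-line `crypto isakmp policy` syntax as the question. The peer addresses (192.0.2.2, 192.0.2.3), subnets, access-list and crypto-map names, and the pre-shared-key placeholders are all constructed for illustration. The ISAKMP (Phase 1) policy appears exactly once and is global; only the Phase 2 pieces (crypto map entry, interesting-traffic ACL and tunnel-group with its key) are repeated per peer.

```text
! ---- Phase 1 (ISAKMP) policy: global, NOT tied to a peer ----
! Entered once; both ASA-b and ASA-c negotiate against it.
! A second policy with identical settings and a higher number
! (e.g. policy 30) would never be reached, because the ASA walks
! policies lowest number first and stops at the first match.
crypto isakmp enable outside
crypto isakmp policy 20 authentication pre-share
crypto isakmp policy 20 encryption 3des
crypto isakmp policy 20 hash sha
crypto isakmp policy 20 group 2
crypto isakmp policy 20 lifetime 86400

! ---- Phase 2 (IPsec): one transform set can also be shared ----
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

! ---- Per-peer configuration for ASA-b (constructed addresses) ----
access-list VPN-TO-B extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto map OUTSIDE_MAP 1 match address VPN-TO-B
crypto map OUTSIDE_MAP 1 set peer 192.0.2.2
crypto map OUTSIDE_MAP 1 set transform-set ESP-3DES-SHA
tunnel-group 192.0.2.2 type ipsec-l2l
tunnel-group 192.0.2.2 ipsec-attributes
 pre-shared-key <PSK-SHARED-WITH-ASA-B>

! ---- Per-peer configuration for ASA-c (constructed addresses) ----
access-list VPN-TO-C extended permit ip 10.1.0.0 255.255.0.0 10.3.0.0 255.255.0.0
crypto map OUTSIDE_MAP 2 match address VPN-TO-C
crypto map OUTSIDE_MAP 2 set peer 192.0.2.3
crypto map OUTSIDE_MAP 2 set transform-set ESP-3DES-SHA
tunnel-group 192.0.2.3 type ipsec-l2l
tunnel-group 192.0.2.3 ipsec-attributes
 pre-shared-key <PSK-SHARED-WITH-ASA-C>

! One crypto map is bound to the interface; its sequence numbers
! (1, 2) select the peer, the isakmp policy number (20) does not.
crypto map OUTSIDE_MAP interface outside
```

Two things worth checking after applying this: `show run crypto isakmp` should list a single policy 20 (if a redundant policy 30 is still present, it can simply be removed with `no crypto isakmp policy 30`), and `show crypto isakmp sa` should show one Phase 1 SA per peer, both built from that same policy. Where the two peers genuinely need different Phase 1 parameters, that is the case for a second, differently numbered policy, and the lower number is the one the ASA prefers when both would match. Note also that 3DES, SHA-1 and DH group 2 are the parameters from the original post; on software that supports them, AES, SHA-256 and group 14 or higher are the stronger choice.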


2 Replies


Jon Moots, Level 1

Thank you Jon. The tutorial that I was reading for the VPN Tunnel did not distinguish this. I figured that to be the case but wanted to be sure.
