Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
13237
Views
0
Helpful
0
Comments

How to configure multiple VPN tunnels to one remote end (same public IP address) on the PIX/Adaptive Security Appliance (ASA) or router

TCC_2
Level 10
Level 10

‎06-17-2009 10:12 PM - edited ‎03-08-2019 06:01 PM

Resolution

Configuring multiple VPN tunnels to the same devices is not possible since it is not possible to have more than one IPsec Security Association (SA) for the same peer. However, it is possible to configure multiple VPN tunnels to multiple devices.

Encrypting multiple networks to get encrypted across a VPN tunnel is possible by binding the access-lists for those networks to the crypto-map for the remote peer.

Note: If you want to apply different IPsec to different types of traffic (to the same or separate IPsec peers), then the different types of traffic should be defined in two separate crypto access lists, and you must create a separate crypto-map for each crypto access list. An example would be if you want traffic between one set of subnets to be authenticated, and traffic between another set of subnets to be both authenticated and encrypted.

For most of the possible scenarios related to PIX /ASA/router and VPN Concentrators, refer to Configuration Examples and Tech Notes.

For additional help, refer to Introduction to IP Security (IPsec) Encryption.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents