Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1758
Views
5
Helpful
16
Replies

Can I have two tunneles IPSec with differents security parameters on the same link?

Zagam
Level 1
Level 1

‎05-08-2019 10:09 PM

Hi there!

 

Currently I have a tunnel IPSec between Router 899/887 and ASA 5545, it's works, but I need create a second tunnel on the same link with different traffic, and differents security parameters.

 

Can I have two crypto maps in the same outside ASA interface?

 

 

Labels:
0 Helpful
16 Replies 16

Rob Ingram
VIP
VIP
In response to Zagam

‎05-11-2019 12:16 PM

Using the same link and same interfaces, no it's not possible. In order for it to work you'd need to peer with a different IP address to distinguish between them and the ASA does not permit 2 x IP address on an interface.

As per my previous thought, certificates would not help either.

In your example if you added the new network to the existing ACL it would establish a tunnel, however it would still use the same security algorithms/PSK, which is not what you said you want.
0 Helpful

Zagam
Level 1
Level 1
In response to Rob Ingram

‎05-11-2019 12:40 PM

So, I just need other interface on router? Or also on the ASA? 

 

Regards!!!

0 Helpful
Customers Also Viewed These Support Documents