05-31-2009 11:58 PM - edited 02-21-2020 04:15 PM
Hi,
I need to configure 2 IPsec tunnels on my ASA 5505. The 1st one is already configured; the 2nd one is to be configured. I have the following clarifications:
1. Should I create one more ISAKMP policy?
2. Do I need to create 1 more access list with source network and destination network?
3. Do I need to create 1 more NAT0, or can I add to the existing ACL which I have already created for the previous one?
Thanks in advance
Prasanna Sastry.G
Mars Telecom
06-01-2009 02:34 AM
In answer to your questions:-
1) Depends, the existing policy will be negotiated with the remote end. If the remote end cannot support your policy - you will need to configure another one.
2) Yes - best practice would be to create the "interesting acl" per VPN.
3) No - you can add the source and destination IP information to the existing nat0.
HTH
06-03-2009 05:57 AM
Have a look at this link:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml
The answer to your question depends on the 'interesting traffic' for the new VPN. If they are the same, you can use the same ACL. It's preferable to use different ACLs for NAT and CRYPTO, as old Cisco versions used to have a bug that would not allow sharing the same ACL between the two features. Who knows, it could appear again?
Regards
Farrukh
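The advice in the replies above (one "interesting traffic" ACL per VPN, kept separate from the nat0 ACL) can be checked against a saved configuration. The following is an added example, not part of the original posts; it assumes pre-8.3 ASA syntax, and the ACL names, crypto map name, networks and peer addresses in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample config (pre-8.3 ASA syntax). All names, networks and
# peers are placeholders. Tunnel 2 (sequence 20) wrongly reuses the nat0 ACL.
SAMPLE_CONFIG = """\
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN1 extended permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map outside_map 10 match address VPN1
crypto map outside_map 10 set peer 198.51.100.1
crypto map outside_map 20 match address NONAT
crypto map outside_map 20 set peer 203.0.113.2
"""

ACL_RE = re.compile(r"^access-list (\S+) ", re.M)
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)", re.M)
MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)", re.M)


def audit_vpn_acls(config):
    """Return findings about how crypto-map ACLs are defined and shared."""
    defined = set(ACL_RE.findall(config))
    nat0_acls = set(NAT0_RE.findall(config))
    users = defaultdict(list)  # ACL name -> crypto map entries matching on it
    for cmap, seq, acl in MATCH_RE.findall(config):
        users[acl].append(f"{cmap} {seq}")

    findings = []
    for acl, entries in sorted(users.items()):
        joined = ", ".join(entries)
        if acl not in defined:
            findings.append(f"{acl}: referenced by crypto map {joined} but not defined")
        if acl in nat0_acls:
            findings.append(f"{acl}: shared between nat 0 and crypto map {joined}")
        if len(entries) > 1:
            findings.append(f"{acl}: used by more than one crypto map entry ({joined})")
    return findings


if __name__ == "__main__":
    for finding in audit_vpn_acls(SAMPLE_CONFIG):
        print(finding)
```

Giving sequence 20 its own ACL for the second tunnel's networks, while leaving both network pairs in the nat0 ACL, clears the finding.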