Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
1
Replies

ipsec sa and acl question

Go to solution
ronald.su
Level 1
Level 1

‎01-27-2022 06:12 PM

hello, I wondering if ACL line number is equal sa number?

Scenario:

NY office has 1 subnet 192.168.0.0/24 and CA office has 2 subnets : 172.16.0.0/12 and 10.0.0.0/8

NY and CA have a ipsec vpn.

I wanna know it will generate 2 ipsec phase 2 sa ? 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎01-27-2022 11:15 PM

Hi @ronald.su,

No, ACL line number is not necessarily equal to established SAs (assuming that is what you are asking). It is possible that you have 5 different ACL entries, and that only one SA is established (e.g. one that is #3 in your ACL). but, it is also possible to have all 5 SAs established.

BR,

Milos

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎01-27-2022 11:15 PM

Hi @ronald.su,

No, ACL line number is not necessarily equal to established SAs (assuming that is what you are asking). It is possible that you have 5 different ACL entries, and that only one SA is established (e.g. one that is #3 in your ACL). but, it is also possible to have all 5 SAs established.

BR,

Milos

0 Helpful
Customers Also Viewed These Support Documents