Solved: Multiple Crypto Maps on a single ASA Interface

ali.shariaty · ‎04-22-2016

Hi,

I'm working with a TAC support engineer and during the troubleshooting he suggests to assign two different crypto maps on a single interface.

Is it technically possible to have multiple Crypto Maps on a single ASA Interface?

P.S: I know having multiple sequences in a single crypto map would work but this is a case which I have to set multiple Crypto Maps on a single ASA.

Dinesh Moudgil · ‎04-22-2016

Hi Ali,

The rule is per interface, only one crypto map is supported. You can not assign more than one crypto map on a single interface.

From the documentation:-
"You can assign only one crypto map set to an interface. If multiple crypto map entries have the same map name but a different sequence number, they are part of the same set and are all applied to the interface. The ASA evaluates the crypto map entry with the lowest sequence number first."

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/c6.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

Dinesh Moudgil · ‎04-22-2016

Hi Ali,

The rule is per interface, only one crypto map is supported. You can not assign more than one crypto map on a single interface.

From the documentation:-
"You can assign only one crypto map set to an interface. If multiple crypto map entries have the same map name but a different sequence number, they are part of the same set and are all applied to the interface. The ASA evaluates the crypto map entry with the lowest sequence number first."

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/c6.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/