
Multiple isakmp/ipsec tunnels through same interface

jonesl1
Level 1

Ok... I know this sounds a bit odd... but I'm running into an issue with my VPN tunnels only working one at a time. So I'm going to try and explain this the best I can.

I have a remote router (2811) on the other side of an MPLS network. On that remote router I have set up two separate tunnels with two separate peers. One tunnel's peer is at the Host side serial interface of the MPLS connection and the other goes to a connection on the inside of the network on the host side.

I've tried to add a diagram to better explain. 

VPN Issue.pdf

My problem is... I can get the tunnel from the remote router to the ASA to work by itself. I can get the tunnel to work from the remote router to the Host side by itself. However, when I apply the crypto map to the serial interface on the host side to bring that tunnel up, my tunnel from the remote router to the ASA goes down. Is this because the ASA, being the peer from the remote router, is forced to run through the HOST side serial interface, which already has a crypto map on it?

Any explanation would be helpful. 

1 Reply

Hi Jonesl1,

Try using 'mss-adjust 1420' on Tunnel A and 'mss-adjust 1340' on Tunnel B. The added crypto headers require additional header length. If cutting the MTU by 80 bytes works, you can play with it from there.

For the minimalists, I believe only 65 bytes are required.

-Chris
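
The reply above ties the MSS value to the bytes that the crypto headers add. The following is an added example, not part of the original thread, that computes the ESP tunnel-mode packet size for a given TCP MSS and the largest MSS that avoids fragmentation. The thread does not say which transform set or MTU is in use, so IPv4 ESP tunnel mode without NAT-T or GRE, a 1500-byte path MTU, and the three transform names below are assumptions.

```python
# Added example: ESP tunnel-mode size arithmetic for choosing a TCP MSS clamp.
# Assumptions (not from the thread): IPv4, tunnel mode, no NAT-T, no GRE,
# 1500-byte path MTU. Transform labels are illustrative names.

# label: (IV bytes, padding alignment bytes, ICV bytes) for standard ESP
TRANSFORMS = {
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
    "aes-gcm-128": (8, 4, 16),
}
OUTER_IP = 20     # new IPv4 header added by tunnel mode
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length + next-header bytes, encrypted with the payload
INNER_HDRS = 40   # inner IPv4 (20) + TCP (20), no options


def outer_size(inner_len, transform):
    """Size on the wire of an inner IP packet after ESP tunnel encapsulation."""
    iv, align, icv = TRANSFORMS[transform]
    # Payload plus trailer is padded up to the cipher's alignment.
    encrypted = -(-(inner_len + ESP_TRAILER) // align) * align
    return OUTER_IP + ESP_HDR + iv + encrypted + icv


def max_mss(transform, mtu=1500):
    """Largest TCP MSS whose encrypted packet still fits in the path MTU."""
    iv, align, icv = TRANSFORMS[transform]
    room = mtu - OUTER_IP - ESP_HDR - iv - icv
    inner_max = (room // align) * align - ESP_TRAILER
    return inner_max - INNER_HDRS


def fits(mss, transform, mtu=1500):
    """True if a full-size segment at this MSS is not fragmented after ESP."""
    return outer_size(mss + INNER_HDRS, transform) <= mtu


if __name__ == "__main__":
    for name in TRANSFORMS:
        print(f"{name}: max MSS {max_mss(name)}")
        for mss in (1420, 1340):  # the two values mentioned in the reply
            size = outer_size(mss + INNER_HDRS, name)
            print(f"  MSS {mss} -> {size}-byte outer packet, fits={fits(mss, name)}")
```
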