only one remote network statement in site-to-site vpn?

syjeon
Level 1

Hi,

I'm wondering whether, in the case of a site-to-site VPN, we can only define one network statement for the peer branch office network?

If there is one more local network at the peer site, then how do we define those for the peer local subnet?

Can anyone respond to my question?

Thanks.

1 Accepted Solution

If I understand your question correctly, you are wondering how to add another subnet to an existing site-to-site VPN tunnel?

If that is correct, you can add that network to the crypto ACL of the existing site-to-site tunnel. But you must tear down and rebuild the tunnel for it to take effect.

Once you have added the required configuration, issue the following commands to tear down the tunnel. Keep in mind that doing this will disconnect any users on the VPN, so it is best to let the users know when you are going to do this so they are not connected at that time.

clear crypto isakmp

clear crypto ipsec sa

--
Please remember to select a correct answer and rate helpful posts

I recalled that Cisco IOS VPN for site-to-site VPN was able to add one more remote subnet. By the way, some Nokia site-to-site VPN boxes can't; there it is possible to enable only one remote subnet. For instance, if we mentioned 10.x.x.x/8, then it can't take one more such as 20.0.0.0/8.

Thanks.

I am not familiar with Nokia VPNs, but as I mentioned, this is possible on Cisco. It just requires the tunnel to be re-established for the changes to take effect.
