Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1219
Views
0
Helpful
1
Replies

Two IPSEC tunnels on same physcial interface

Roger Base
Level 4
Level 4

‎11-27-2017 10:59 AM - edited ‎03-12-2019 04:46 AM

Hi forum.

 

I am trying to configure two separate IPSEC tunnels on the same physical interface on my ASAv 9.8 code. Will this be technically on asa ASAV ?

 

Dynamic IPSEC in one side (reasoning dynamic IP) and Static or Routed IPSEC in the other side (VTI)? My PC1 and PC2 should be able to communicate with each other over the tunnels. How should the NAT and IPSEC config look like on ASAv?

Thank you.

Labels:
Preview file
59 KB
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎11-28-2017 07:01 AM

You can do that. What you need:

  • NAT Exemption for your whole VPN-traffic where needed
  • same-security-traffic permit intra-interface
  • ASA3 needs to route traffic for the internal ASA4-subnet and the ASA1 subnet through the tunnel
  • ASA1/ASAv need to encrypt all traffic for ASA1-ASAv-subnet and ASA1-ASA3-subnet
--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Helpful
Customers Also Viewed These Support Documents