Two IPSEC tunnels on same physcial interface

Roger Base · ‎11-27-2017

Hi forum.

I am trying to configure two separate IPSEC tunnels on the same physical interface on my ASAv 9.8 code. Will this be technically on asa ASAV ?

Dynamic IPSEC in one side (reasoning dynamic IP) and Static or Routed IPSEC in the other side (VTI)? My PC1 and PC2 should be able to communicate with each other over the tunnels. How should the NAT and IPSEC config look like on ASAv?

Thank you.

Karsten Iwen · ‎11-28-2017

You can do that. What you need:

NAT Exemption for your whole VPN-traffic where needed
same-security-traffic permit intra-interface
ASA3 needs to route traffic for the internal ASA4-subnet and the ASA1 subnet through the tunnel
ASA1/ASAv need to encrypt all traffic for ASA1-ASAv-subnet and ASA1-ASA3-subnet

Two IPSEC tunnels on same physcial interface

Cisco Nexus シリーズ : VXLAN Static Tunnels

Tunnel gre tunnel ipsec

Lab - Configuração DMVPN com IPsec

Configurando L2TPv3 (Layer 2 Tunnel Protocol Version 3)

Interface 監視用 OID について