VPN Tunnels on Two Separate Interfaces?

dbnorton · ‎05-31-2007

I have a PIX 515E with a 4 port FE card and an ASA 5520 with 4 GE interfaces and I need to know if I can enable isakmp on two interfaces on the same firewall. I have included a drawing for a little better understand of what I am trying to do.

cpembleton · ‎05-31-2007

I know you can with 7.x code and believe you can with 6.x.

Create a different crypto map for each interface. Then you'll need routes for networks on either side. If your outside int is the default route then your fine for the networks on the l2l. You'll need static or routes from a routing protocol so the traffic knows how to reach the l2l network connected to int JRP. If you don't it will use the default route and won't work.

Other then that it's the same setup for a L2L tunnel.

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_guide_chapter09186a00806370f9.html

Let me know if you have any questions.

Thanks,

Chad

Please rate if this helps!

dbnorton · ‎05-31-2007

You answered my question thank you very much. I am running 7.2 code on my PIX 515E's and I didn't have one to test and verify if I could or not. Once I get my VPN tunnels up between the firewall I will be running GRE tunnels from the core 6509's and any way so I will only need to route the traffic for the tunnel source and destination address so I should work. Thanks again for the info.