07-26-2007 12:33 PM
Hi,
I have one vpn created on my ASA5510,I have to create 2nd vpn now, but when I am trying to enable it on interface it overwrite the previous command, any suggestion,
existing command for vpn A
"crypto map A interface internet"
How can I enable vpn B for same interface?
Regards,
07-26-2007 01:52 PM
Hi
You use sequence numbers in your crypto map as you can only apply one crypto map to an interface eg.
crypto map vpnset 1 ipsec-isakmp
crypto map vpnset 1 set peer x.x.x.x
crypto map vpnset 1 match-address "access-list"
etc...
To define second vpn just use a different sequence number eg.
crypto map vpnset 2 ipsec-isakmp
crypto map vpnset 2 set peer y.y.y.y
crypto map vpnset 2 match-address "access-list"
etc...
Note your sequence numbers do not have to be 1,2,3 etc, you could for example use 10,20,30 etc. It's up to you
HTH
Jon
07-26-2007 03:06 PM
Make sure you use the same name for the crypto map. Since you can only apply a single crypto map to an interface, it has to be the same.
07-27-2007 05:53 AM
Hi,
Thanks, now I have configured it, its looks no acticve tunnel on the ASA, please can you tell me few troubleshooting tips.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide