General Pix VPN question

Jul 29th, 2007

I have created a VPN between 2 Cisco 515 PIXes. On the ASDM it says the VPN status is 1 IKE tunnel and 5 IPSec tunnels. Why 5 and not one? We have multiple subnets on one side of the PIX; does it mean that if another, different subnet travels across the VPN then it will go to 6 IPSec tunnels?

rjwalani Sun, 07/29/2007 - 01:04
User Badges: Cisco Employee

It depends on the crypto access-list entries.


Jon Marshall Sun, 07/29/2007 - 01:25
User Badges: Super Blue (32500 points or more); Hall of Fame (Founding Member); Cisco Designated VIP (2017 LAN, WAN)


For each entry in your crypto access-list, that is a potential IPSEC tunnel. So yes, in answer to your question, if another subnet that isn't already running across the VPN then initiates a communication through the VPN tunnel, it will indeed create another IPSEC SA. Actually the SA is uni-directional, so 2 SAs are created.
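
An added example (not part of the original thread or either reply): a small model of the behavior described above, counting one IPsec tunnel per crypto access-list entry that traffic has matched and two unidirectional SAs per tunnel. The ACL name, subnets and flows are constructed, and the parser assumes first-match on plain `permit ip <net> <mask> <net> <mask>` entries only.

```python
import ipaddress

# Constructed crypto access-list in PIX syntax (subnet masks, not wildcards).
# The ACL name and every subnet here are made up for illustration.
CRYPTO_ACL = """\
access-list VPN_ACL permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list VPN_ACL permit ip 10.1.2.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list VPN_ACL permit ip 10.1.3.0 255.255.255.0 192.168.50.0 255.255.255.0
"""

def parse_crypto_acl(text):
    """Return [(local_net, remote_net)] for each 'permit ip' entry."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 8 and tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            local = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
            remote = ipaddress.ip_network(f"{tok[6]}/{tok[7]}")
            entries.append((local, remote))
    return entries

def match_entry(entries, src, dst):
    """Index of the first entry covering src -> dst, or None (not encrypted)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (local, remote) in enumerate(entries):
        if s in local and d in remote:
            return i
    return None

def count_tunnels(entries, flows):
    """Return (tunnels, SAs): one tunnel per entry hit, two SAs per tunnel."""
    hit = {match_entry(entries, s, d) for s, d in flows} - {None}
    return len(hit), 2 * len(hit)

if __name__ == "__main__":
    acl = parse_crypto_acl(CRYPTO_ACL)
    # Constructed flows: two hosts in the same subnet share one tunnel.
    flows = [("10.1.1.10", "192.168.50.5"), ("10.1.1.99", "192.168.50.7"),
             ("10.1.2.20", "192.168.50.5")]
    print(count_tunnels(acl, flows))
    # A previously idle subnet starts talking: one more tunnel, two more SAs.
    print(count_tunnels(acl, flows + [("10.1.3.30", "192.168.50.5")]))
```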



