07-29-2007 12:16 AM - edited 02-21-2020 03:11 PM
I have created a VPN between 2 Cisco 515 pix's. On the ADSM it says the VPN status is 1 IKE tunnel and and 5 IPSec tunnels. Why 5 and not one? We have multiple subnets on one side of the Pix, does it mean if another different subnet travels across the VPN then it will go to 6 IPSec tunnels?
07-29-2007 01:04 AM
It depends on the crypto access-list entries.
Ranjana
07-29-2007 01:25 AM
Hi
For each entry in your crypto access-list that is a potential IPSEC tunnel. So yes in answer to your question if another subnet that isn't already running across the VPN then intitiates a communication through teh VPn tunnel it will indeed crete another IPSEC sa. Actually the SA is uni-directional so 2 sa's are created.
HTH
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: