Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
2
Replies

General Pix VPN question

whiteford
Level 1
Level 1

‎07-29-2007 12:16 AM - edited ‎02-21-2020 03:11 PM

I have created a VPN between 2 Cisco 515 pix's. On the ADSM it says the VPN status is 1 IKE tunnel and and 5 IPSec tunnels. Why 5 and not one? We have multiple subnets on one side of the Pix, does it mean if another different subnet travels across the VPN then it will go to 6 IPSec tunnels?

Labels:
0 Helpful
2 Replies 2

rjwalani
Cisco Employee
Cisco Employee

‎07-29-2007 01:04 AM

It depends on the crypto access-list entries.

Ranjana

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎07-29-2007 01:25 AM

Hi

For each entry in your crypto access-list that is a potential IPSEC tunnel. So yes in answer to your question if another subnet that isn't already running across the VPN then intitiates a communication through teh VPn tunnel it will indeed crete another IPSEC sa. Actually the SA is uni-directional so 2 sa's are created.

HTH

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents