How many ipsec vpn tunnels can you put on ASA 5520 Outside Interface?

mlenco · ‎02-01-2008

I am testing to see how many IPSEC vpn tunnels you can place on a single outside interface of an ASA 5520 or whether each additonal vpn tunnel must be on separate interfaces nameif'd outside2, outside3, etc.

I had one working vpn on the initial outside interface [sh ipsec sa, sh isakmp sa]. I then created a second outside interface (outside2), a second crypto map, added the isakmp enable outside2 to the same policy 1 then created a second ACL. Both outside interfaces are wired up the two FA int on a single upstream router.

Result:

I get EIGRP errors; EIGRP can't find host and lists the IP address of its upstream /30 interface. The outside interfaces have extended ip any any and associated access groups to remove any doubt.

Any insight on the best practices to setup more than one IPSEC vpn tunnel on an ASA 5520?

ajagadee · ‎02-01-2008

You can terminate up to 750 VPN Tunnels on the ASA 5520 and depending upon your requirements, you could terminate all the tunnels on the outside interface or terminate the tunnels on different interfaces.

Please refer the below URL for details:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html

Regards,

Arul

** Please rate all helpful posts **