I have a Cisco ASA 5520 which has a remote VPN connected to it from a Cisco 877 which is just on a DSL line.
I have allowed 3 subnets through the VPN via the SA's. When the VPN the ASA says there is 1 IKE tunnel up and 3 IPSec tunnels, which I assuem are these 3 subnets that the remote users need.
Is this how it should or can/should it say 1 IKE tunnel and 1 IPSec tunnel.
The thing that worries me is I'm going to add many more VPN's and read this:
"Each ACE creaes 2 unidirectional IPSec SA's. If you have 100 entries in your ACL, then the ASA will create 200 IPSec SA's. Using host-based crypto ACE's is not recommended because Cisco ASA uses system resources to maintain the SA's which may affect system performance."