07-08-2008 06:14 AM - edited 02-21-2020 03:48 PM
Hi,
Just for my understanding.
I have one VPN connected to my Cisco ASA 5520. When I tried to add another VPN, I have to create a 2nd crypto map. Can I not create a group so there is one crypto map?
Currently I have:
access-list outside_cryptomap_1 line 1 extended permit ip 0.0.0.0 0.0.0.0 172.19.15.0 255.255.255.0
I have just added:
access-list outside_cryptomap_2 line 1 extended permit ip 0.0.0.0 0.0.0.0 172.19.2.0 255.255.255.0
But wondered if I could use something like:
access-list outside_mycryptomap line 1 extended permit ip 0.0.0.0 0.0.0.0 object-group VPN_Remote_Networks
When I do this though I guess it will cause a problem with the peer address?
07-08-2008 06:25 AM
You must use a different access-list in the crypto map for every VPN.
07-08-2008 06:28 AM
I know it was a simple question but very useful for me, thanks!
07-08-2008 06:46 AM
Is there a certain order I need to add the config into the CLI as well?
I have this to add:
access-list outside_MYcryptomap_1 line 1 extended permit ip 0.0.0.0 0.0.0.0 172.19.15.0 255.255.255.0
crypto map outside_map 1 match address outside_MYcryptomap_1
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 1.2.3.4
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 1 set security-association lifetime seconds 86400
tunnel-group 1.2.3.4 type ipsec-l2l
tunnel-group 1.2.3.4 general-attributes
 default-group-policy CBSO-L2L
tunnel-group 1.2.3.4 ipsec-attributes
 pre-shared-key abcdefgh
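An added example, not part of the original thread and not Cisco tooling: a small Python check for the rule in the accepted answer (one access-list per crypto map entry), which also reports entries missing a setting and peers without an ipsec-l2l tunnel-group. The function name `audit_crypto_maps`, the sample config and the second peer 203.0.113.2 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's first tunnel plus a hypothetical second
# entry (peer 203.0.113.2 is a placeholder) that wrongly reuses the first ACL.
SAMPLE_CONFIG = """\
access-list outside_cryptomap_1 extended permit ip any 172.19.15.0 255.255.255.0
access-list outside_cryptomap_2 extended permit ip any 172.19.2.0 255.255.255.0
crypto map outside_map 1 match address outside_cryptomap_1
crypto map outside_map 1 set peer 1.2.3.4
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer 203.0.113.2
crypto map outside_map 2 set transform-set ESP-AES-256-SHA
tunnel-group 1.2.3.4 type ipsec-l2l
"""

REQUIRED = ("match address", "set peer", "set transform-set")
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (%s) (\S+)" % "|".join(REQUIRED))
TUNNEL = re.compile(r"^tunnel-group (\S+) type ipsec-l2l")

def audit_crypto_maps(config):
    """Return findings for the L2L crypto map entries, in sequence order."""
    entries = defaultdict(dict)          # (map name, sequence) -> settings
    tunnels = set()                      # peers that have an L2L tunnel-group
    for line in config.splitlines():
        line = line.strip()
        if m := ENTRY.match(line):
            entries[(m[1], int(m[2]))][m[3]] = m[4]
        elif m := TUNNEL.match(line):
            tunnels.add(m[1])
    findings, acl_users = [], defaultdict(list)
    for (name, seq), cfg in sorted(entries.items()):
        label = f"{name} {seq}"
        for key in REQUIRED:
            if key not in cfg:
                findings.append(f"{label}: missing '{key}'")
        if "match address" in cfg:
            acl_users[cfg["match address"]].append(label)
        peer = cfg.get("set peer")
        if peer and peer not in tunnels:
            findings.append(f"{label}: no ipsec-l2l tunnel-group for peer {peer}")
    # The rule from the answer: every entry needs its own access-list.
    for acl, users in acl_users.items():
        if len(users) > 1:
            findings.append(f"ACL {acl} shared by entries: {', '.join(users)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_crypto_maps(SAMPLE_CONFIG)))
```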