12-08-2008 03:29 AM - edited 02-21-2020 04:03 PM
As a technology implementer in my organization, I have a need to implement multiple IPSec VPN tunnels to a single remote site; say, between Point A and Point B, I need to have more than one IPSec VPN tunnel. My criterion is that I have only one interface facing the Internet at both my locations, which means only one peer IP.
Is this possible with any Cisco devices like Cisco routers, Cisco ASA or Cisco PIX?
12-08-2008 09:15 AM
If you could tell us why you need multiple tunnels, we could help better. What is the ultimate goal for requiring multiple L2L tunnels to the same destination from the same source point? Is it to allow specific access to certain resources on a per-tunnel basis? If so, you can accomplish this by simply implementing vpn filters in your single L2L connection between Point-A and Point-B using an ASA500 appliance or a PIX with code 7.x or above.
Rgds
Jorge
12-08-2008 11:11 AM
Hi Jorge,
Thanks for the response. Our requirement is that we have two Point of Presence locations, say Point A in the US and Point B in India. We do not have any dedicated WAN connectivity between Point A and Point B. We only have the Internet as common infra. to connect them. To keep different clients' traffic separate according to our Standard Security Policies, we need to build multiple IPSec L2L tunnels between Point A and Point B. Please let me know if this can be configured. If yes, how?
12-08-2008 11:50 AM
Short answer: yes, it is possible with ASA. You could accomplish this through vpn filters once you build the L2L tunnel between A and B.
Look at the link I provided in my previous post and follow the process logic. After you create the IPsec tunnel policy, create filters per client coming from site_B.
Say you have in Site B clients called Client_A, Client_B, Client_C.
From ASA site_A, vpn filters could look something like this:
access-list ClientA_Site_B permit tcp host
access-list ClientB_Site_B permit tcp host
access-list ClientC_Site_B permit tcp host
everything else is explicitly denied
tunnel-group
default-group-policy filter
group-policy filter internal
group-policy filter attributes
vpn-filter value ClientA_Site_B
vpn-filter value ClientB_Site_B
vpn-filter value ClientC_Site_B
etc..
HTH
Jorge
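An added example, not part of the original reply and not Cisco tooling: a small Python check over ASA configuration text, assuming that a group policy holds a single vpn-filter value, so a later `vpn-filter value` line replaces an earlier one and per-client rules belong as entries of one ACL. The sample config and its addresses are constructed, and `audit_vpn_filters` is a hypothetical helper name.

```python
import re

# Constructed sample config: ACL and policy names follow the thread, the
# addresses are private/documentation placeholders, not values from the post.
SAMPLE_CONFIG = """\
access-list ClientA_Site_B extended permit tcp host 10.20.1.10 host 10.10.1.10 eq 443
access-list ClientB_Site_B extended permit tcp host 10.20.2.10 host 10.10.2.10 eq 443
group-policy filter internal
group-policy filter attributes
 vpn-filter value ClientA_Site_B
 vpn-filter value ClientB_Site_B
 vpn-filter value ClientC_Site_B
tunnel-group 203.0.113.2 general-attributes
 default-group-policy filter
"""

def audit_vpn_filters(config: str) -> dict:
    """Return the ACL each group policy ends up with, plus any findings."""
    acls = set()      # ACL names that have at least one entry
    effective = {}    # group policy -> ACL bound by its last vpn-filter line
    findings = []
    policy = None     # group policy whose attributes block we are inside
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            policy = None  # a top-level command ends any attributes sub-mode
            m = re.match(r"access-list (\S+) ", line)
            if m:
                acls.add(m.group(1))
            m = re.match(r"group-policy (\S+) attributes$", line)
            if m:
                policy = m.group(1)
            continue
        m = re.match(r"vpn-filter value (\S+)$", line)
        if m and policy:
            if policy in effective:
                findings.append(
                    f"{policy}: vpn-filter {effective[policy]} replaced by {m.group(1)}")
            effective[policy] = m.group(1)
    for pol, acl in effective.items():
        if acl not in acls:
            findings.append(f"{pol}: vpn-filter references undefined ACL {acl}")
    return {"effective": effective, "findings": findings}
```

On the constructed sample, the policy ends up bound only to the last ACL named, which is also never defined, so none of the intended per-client rules would be enforced.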