Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
582
Views
0
Helpful
3
Replies

Multiple IPSec VPN to one remote site

cannan.ilangovan
Level 1
Level 1

‎12-08-2008 03:29 AM - edited ‎02-21-2020 04:03 PM

As a Technology implementor in my organization, i have a necessity of implementing Multiple IPSec VPN Tunnels to a single Remote site, say between Point A and Point B i need to have more than one IPSec VPN tunnels. My criteria is i have only one interface facing internet at both my locations, which means only one Peer IP.

Is this possible with any of Cisco Devices like Cisco Routers, Cisco ASA or Cisco PIX?

Labels:
0 Helpful
3 Replies 3

JORGE RODRIGUEZ
Level 10
Level 10

‎12-08-2008 09:15 AM

If you could tell us why you need multiple tunnel we could help better, what is the ultimate goal for requering multiple L2L tunnels to same destination from same source point? is it to allow specific access to certain resources? per tunnel basis, if so you can accomplis this by simply implementing vpl filters in your single L2L connection between Point-A and Point-B using ASA500 applience or PIX with code 7.x above.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml

Rgds

Jorge

Jorge Rodriguez
0 Helpful

cannan.ilangovan
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎12-08-2008 11:11 AM

Hi Jorge,

Thanks for the response. Our requirements is that we have two Point of Presence Locations, say Point A in US and Point B in India. We do not have any dedicated WAN connectivity between Point A and Point B. We only have Internet as common infra. to connect them. To keep different client's traffic separate according to our Standard Security Policies, we need to build multiple IPSec L2L Tunnels between Point A and Point B. Please let me know if this can be configured? if yes, how?

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to cannan.ilangovan

‎12-08-2008 11:50 AM

Short answer yes, it is possible with ASA, you could accomplish this through vpn filters once you build the L2L tunnel between A and B.

Look at the link I privided in previous post and follow the process logic, after you create the Ipsec tunnel policy then create filters per client comming from site_B.

say you have in Site B a client called client_A, CLient_B , Client_C

From ASA site_A vpn filters could look something like this.

access-list ClientA_Site_B permit tcp host host eq 80

access-list ClientB_Site_B permit tcp host host eq ftp

access-list ClientC_Site_B permit tcp host host eq https

everything else is explicitly denied

tunnel-group general-attributes ( Tunnel between Site A and Site B )

default-group-policy filter

group-policy filter internal

group-policy filter attributes

vpn-filter value ClientA_Site_B

vpn-filter value ClientB_Site_B

vpn-filter value ClientC_Site_B

etc..

HTH

Jorge

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents