ASA5540 Ver7.2 VPN IPSec lan-to-lan

Feb 3rd, 2009

Good evening,

I would like to ask a question about using a crypto map.

Can I use a different crypto map for every lan-to-lan IpSec tunnel?

I ask this question because from my test my result was that I can use only a crypto map that will be used by every tunnel.

Who can confirm or deny?

Any information that you can send me is welcome.

Best Regards


Davide Sacca'

Ivan Martinon Tue, 02/03/2009 - 09:20

Hi Davide,

You can use a single crypto map per interface, meaning that if you are going to have LAN-to-LAN connections to your external interface you can only use a single crypto map. However, you can use multiple crypto sequence numbers to differentiate each tunnel.

sercopi Thu, 02/05/2009 - 05:12

Good evening Ivan,

Thanks very much for your reply. If I may, I have another doubt.

Should I apply a new crypto map to a "virtual" interface which I will create under the outside interface?

For example under the interface GigabitEthernet0/0.1

Best Regards


Davide Sacca'

Ivan Martinon Thu, 02/05/2009 - 08:11

You will need to apply that crypto map on the interface where your default gateway is found. If this is found on that VLAN interface, and that VLAN interface is the outside, then you would need to apply it there.
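
The layout described in the replies above, as an added configuration sketch that is not from any poster in this thread: one crypto map name carrying one sequence number per LAN-to-LAN peer, bound once to the interface named `outside`. The map name, ACL names, networks, peer addresses (documentation ranges) and pre-shared keys are constructed placeholders, and the Phase 1/Phase 2 proposals are assumptions that must match what each peer offers.

```cisco
! Constructed example: every name, address and key below is a placeholder.
! Phase 1 policy, shared by both tunnels
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
! Phase 2 proposal, referenced by both map entries
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! Interesting traffic: one ACL per remote site
access-list L2L_SITE_A extended permit ip 10.1.0.0 255.255.0.0 10.10.0.0 255.255.0.0
access-list L2L_SITE_B extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
!
! Same crypto map name; sequence 10 is site A, sequence 20 is site B
crypto map OUTSIDE_MAP 10 match address L2L_SITE_A
crypto map OUTSIDE_MAP 10 set peer 192.0.2.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 20 match address L2L_SITE_B
crypto map OUTSIDE_MAP 20 set peer 198.51.100.20
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES256-SHA
!
! The map is bound once, to the interface that carries the name "outside"
crypto map OUTSIDE_MAP interface outside
!
! Per-peer authentication lives in the tunnel-group, not in the crypto map
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key <PSK_SITE_A>
tunnel-group 198.51.100.20 type ipsec-l2l
tunnel-group 198.51.100.20 ipsec-attributes
 pre-shared-key <PSK_SITE_B>
```

Entries are evaluated in ascending sequence-number order, so keep the per-peer ACLs non-overlapping and give each peer its own pre-shared key so that one compromised site does not expose the others.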

