ASA5540 Ver7.2 VPN IPSec lan-to-lan

sercopi · ‎02-03-2009

Good evening,

I should make a question about using crypto map.

Can I use a different crypto map for every lan-to-lan IpSec tunnel?

I ask this question because from my test my result was that I can use only a cypto map that will used by every tunnel.

Who can confirm or deny?

Any information that you can send me are welcomed.

Best Regards

--

Davide Sacca'

Ivan Martinon · ‎02-03-2009

Hi Davide,

You can use a single crypto map per interface, meaning that if you are going to have lan to lan connections to your external interface you can only use a single crypto map, however you can use multiple crypto sequence numbers to differentiate each tunnel.

sercopi · ‎02-05-2009

Good evening Ivan,

thanks very much for your reply, if I could have another doubt.

Should I apply a new crypto map to a "virtual" interface which I will create under the outside interface?

For example under the interface GigabitEthernet0/0.1

Best Regards

--

Davide Sacca'

Ivan Martinon · ‎02-05-2009

You will ned to apply that crypto map on the interface where your default gateway is found, if this is found on that vlan interface, and that vlan interface is the outside then you would need to apply it there.