Configuring Multiple IPSEC tunnels on ASA 5505

May 31st, 2009


I need to configure 2 IPSEC tunnels on my ASA 5505. The 1st one is already configured; the 2nd one is to be configured. I have the following clarifications:

1. Should I create one more ISAKMP policy?

2. Do I need to create 1 more access list with source network and destination network?

3. Do I need to create 1 more Nat0, or can I add it in the existing ACL which I have already created for the previous one?

Thanks in advance

Prasanna Sastry.G

Mars Telecom


In answer to your questions:

1) Depends, the existing policy will be negotiated with the remote end. If the remote end cannot support your policy, you will need to configure another one.

2) Yes - best practice would be to create the "interesting ACL" per VPN.

3) No - you can add the source and destination IP information to the existing nat0.


Farrukh Haroon Wed, 06/03/2009 - 05:57

Have a look at this link:

The answer to your question depends on the 'interesting traffic' for the new VPN. If they are the same, you can use the same ACL. It's preferable to use different ACLs for NAT and CRYPTO, as old Cisco versions used to have a bug that would not allow sharing the same ACL between the two features. Who knows, it could appear again?
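
The configuration the two answers above describe, as an added example that is not part of the original thread: a second site-to-site tunnel added beside an existing one, with its own crypto ACL, a new line in the shared nat0 ACL, and an extra ISAKMP policy only if the new peer cannot match the existing one. It assumes pre-8.3 ASA syntax (`nat (inside) 0`); all names (`OUTSIDE_MAP`, `VPN1_CRYPTO`, `VPN2_CRYPTO`, `NONAT`), subnets, peer addresses and crypto parameters are constructed placeholders.

```cisco
! --- Existing tunnel 1 (already on the box, shown for context) ---
access-list VPN1_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN1_CRYPTO
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
crypto isakmp enable outside

! --- Additions for tunnel 2 ---
! (2) Separate "interesting traffic" ACL for the new VPN. Keep it as narrow
!     as the real traffic and mirrored on the remote peer.
access-list VPN2_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 10.20.20.0 255.255.255.0

! (3) No second nat0 statement: add the new source/destination pair to the
!     ACL already referenced by "nat (inside) 0". It stays a different ACL
!     from the crypto ACLs.
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.20.20.0 255.255.255.0

! Only one crypto map can be bound to an interface, so the second peer is a
! new sequence number in the same map, not a new map.
crypto map OUTSIDE_MAP 20 match address VPN2_CRYPTO
crypto map OUTSIDE_MAP 20 set peer 203.0.113.1
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES256-SHA

tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key <PLACEHOLDER-UNIQUE-KEY-FOR-PEER-2>

! (1) Needed only if the new peer cannot negotiate policy 10. Policies are
!     global and offered in priority order, so agree on the values with the
!     remote end rather than adding a weak fallback.
crypto isakmp policy 20
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
```

After applying, `show crypto isakmp sa` and `show crypto ipsec sa peer 203.0.113.1` confirm that phase 1 and phase 2 came up for the new peer and that tunnel 1 is unaffected.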



