10-01-2009 07:28 AM
Hi All,
I'll shortly be setting up a new L2L VPN between a Checkpoint and an ASA. To cut a long story short, the Checkpoint end is configured to negotiate 'one SA per subnet pair' within its tunnel management settings. This will have to stay this way.
So the question is: Is there an equivalent setting for an ASA (ASDM and/or CLI) or, failing that, does anyone know its default behaviour regarding SA creation?
Just trying to avoid pitfalls before I start.
Many thanks,
Doug
10-01-2009 11:20 AM
Doug
IPSEC SAs are negotiated per entry in your ACL on the ASA. So if you have a crypto map ACL with 3 entries that will create 2 SAs per ACL entry, 2 because IPSEC SAs are unidirectional.
So it sounds like the Checkpoint is behaving in exactly the same way as it should as IPSEC is a standard.
Jon
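A pre-check based on the reply above, as an added example that is not part of the original thread: it parses a crypto map ACL out of ASA configuration text and lists the two unidirectional IPsec SAs expected for each entry, so the subnet pairs can be compared with those defined on the Checkpoint side. The ACL name, networks and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (ACL names and networks are made up).
SAMPLE_ACL = """\
access-list L2L_CP extended permit ip 10.1.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list L2L_CP extended permit ip 10.1.2.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list L2L_CP extended permit ip host 10.1.3.5 192.168.20.0 255.255.255.0
access-list L2L_CP remark remark lines and other ACLs are ignored
access-list OTHER extended permit ip any any
"""

def _take_network(tokens):
    """Consume one ASA address spec (any | host A | A MASK) from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def crypto_acl_pairs(config, acl_name):
    """Return (local, remote) networks for each 'permit ip' entry of acl_name."""
    entry = re.compile(
        rf"^access-list {re.escape(acl_name)} extended permit ip (.+)$")
    pairs = []
    for line in config.splitlines():
        m = entry.match(line.strip())
        if not m:
            continue  # remarks, other ACLs, unrelated config lines
        tokens = m.group(1).split()
        local = _take_network(tokens)
        remote = _take_network(tokens)
        pairs.append((local, remote))
    return pairs

def expected_sas(pairs):
    """Two unidirectional SAs per ACL entry: one outbound, one inbound."""
    sas = []
    for local, remote in pairs:
        sas.append(("outbound", str(local), str(remote)))
        sas.append(("inbound", str(remote), str(local)))
    return sas

if __name__ == "__main__":
    for direction, src, dst in expected_sas(crypto_acl_pairs(SAMPLE_ACL, "L2L_CP")):
        print(f"{direction:8} {src} -> {dst}")
```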
10-01-2009 08:35 PM
Many thanks Jon.