Federico Coto F... Thu, 03/04/2010 - 12:37
User Badges:
  • Green, 3000 points or more

Hi,


Do you mean to create two VPN tunnels terminating on the same ASA?


This can be done applying the crypto map to both interfaces.

Do you need this as a backup or what exactly do you need?


Federico.

kope@northropgr... Thu, 03/04/2010 - 15:33
User Badges:

yes, I tried to create two remote VPN tunnels terminating on the same ASA on one single outside interface.


The customer wanted to change vpn ip addresses (dhcp pool on the asa) to a different network address; My intention was simply creating another profile (.pcf file) by creating another remote VPN tunnel. I don't know if this is possible.

That way, I can have two VPN profile running; and the cusomter can switch to the new profile (new vpn address) as they wish.


Acutally i think i may make things more complicated than it really is...


Can I just simply chaning the ip pool address on the ASA (may be a few other code change..); and the vpn client would automatically getting the new ip addreess? Is this going to work?


Thanks your help.

Federico Coto F... Sat, 03/06/2010 - 13:24
User Badges:
  • Green, 3000 points or more

Yes,


You can do this with no problems.


For instance let's say that you have the following configuration:


ip local pool firstpool 192.168.0.10-192.168.0.15
tunnel-group firstgroup type ipsec-ra
tunnel-group firstgroup general-attributes
address-pool firstpool
tunnel-group firstgroup ipsec-attributes
pre-shared-key password1

To create another profile for remote clients, you can do the following:


ip local pool secondpool 192.168.1.10-192.168.1.15
tunnel-group secondgroup type ipsec-ra
tunnel-group secondgroup general-attributes
address-pool secondpool
tunnel-group secondgroup ipsec-attributes
pre-shared-key password2


So,

You have one profile named firstgroup with password password1 and a second profile named secondgroup with the password passwowrd2


Federico.

Actions

This Discussion