03-04-2010 08:57 AM
Is it possible to create two remote vpn servers on a single ASA?
03-04-2010 12:37 PM
Hi,
Do you mean to create two VPN tunnels terminating on the same ASA?
This can be done applying the crypto map to both interfaces.
Do you need this as a backup or what exactly do you need?
Federico.
03-04-2010 03:33 PM
yes, I tried to create two remote VPN tunnels terminating on the same ASA on one single outside interface.
The customer wanted to change vpn ip addresses (dhcp pool on the asa) to a different network address; My intention was simply creating another profile (.pcf file) by creating another remote VPN tunnel. I don't know if this is possible.
That way, I can have two VPN profile running; and the cusomter can switch to the new profile (new vpn address) as they wish.
Acutally i think i may make things more complicated than it really is...
Can I just simply chaning the ip pool address on the ASA (may be a few other code change..); and the vpn client would automatically getting the new ip addreess? Is this going to work?
Thanks your help.
03-06-2010 01:24 PM
Yes,
You can do this with no problems.
For instance let's say that you have the following configuration:
ip local pool firstpool 192.168.0.10-192.168.0.15
tunnel-group firstgroup type ipsec-ra
tunnel-group firstgroup general-attributes
address-pool firstpool
tunnel-group firstgroup ipsec-attributes
pre-shared-key password1
To create another profile for remote clients, you can do the following:
ip local pool secondpool 192.168.1.10-192.168.1.15
tunnel-group secondgroup type ipsec-ra
tunnel-group secondgroup general-attributes
address-pool secondpool
tunnel-group secondgroup ipsec-attributes
pre-shared-key password2
So,
You have one profile named firstgroup with password password1 and a second profile named secondgroup with the password passwowrd2
Federico.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: