Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
476
Views
0
Helpful
3
Replies

Two remote vpn on a single asa

kope
Level 1
Level 1

‎03-04-2010 08:57 AM

Is it possible to create two remote vpn servers on a single ASA?

Labels:
0 Helpful
3 Replies 3

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎03-04-2010 12:37 PM

Hi,

Do you mean to create two VPN tunnels terminating on the same ASA?

This can be done applying the crypto map to both interfaces.

Do you need this as a backup or what exactly do you need?

Federico.

0 Helpful

kope
Level 1
Level 1
In response to Federico Coto Fajardo

‎03-04-2010 03:33 PM

yes, I tried to create two remote VPN tunnels terminating on the same ASA on one single outside interface.

The customer wanted to change vpn ip addresses (dhcp pool on the asa) to a different network address; My intention was simply creating another profile (.pcf file) by creating another remote VPN tunnel. I don't know if this is possible.

That way, I can have two VPN profile running; and the cusomter can switch to the new profile (new vpn address) as they wish.

Acutally i think i may make things more complicated than it really is...

Can I just simply chaning the ip pool address on the ASA (may be a few other code change..); and the vpn client would automatically getting the new ip addreess? Is this going to work?

Thanks your help.

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to kope

‎03-06-2010 01:24 PM

Yes,

You can do this with no problems.

For instance let's say that you have the following configuration:

ip local pool firstpool 192.168.0.10-192.168.0.15
tunnel-group firstgroup type ipsec-ra
tunnel-group firstgroup general-attributes
address-pool firstpool
tunnel-group firstgroup ipsec-attributes
pre-shared-key password1

To create another profile for remote clients, you can do the following:

ip local pool secondpool 192.168.1.10-192.168.1.15
tunnel-group secondgroup type ipsec-ra
tunnel-group secondgroup general-attributes
address-pool secondpool
tunnel-group secondgroup ipsec-attributes
pre-shared-key password2

So,

You have one profile named firstgroup with password password1 and a second profile named secondgroup with the password passwowrd2

Federico.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents