
SA520- IPSec VPN - Multiple local /remote subnets?

swingvote
Level 1

Hi,

I'm trying to set up an IPSec tunnel between an ASA5520 and an SA520. I have multiple subnets (interesting traffic/protected networks) at both locations. On the SA520, I don't see an option to define multiple subnets for the local and remote pool under the "VPN Policies" screen. Because of that, the tunnel fails during Phase 2 negotiation (mismatching subnets).

Is there a way to define multiple subnets on the SA520, or is it limited to one subnet?

Any insight is much appreciated.

Thank you,

Janakan Rajendran.

4 Replies

Janakan,

I don't have an SA520 right now to check, but are those multiple subnets contiguous?

In other words, can those multiple subnets be grouped in a single larger network using an appropriate mask?

For instance, if behind the SA520 you have the following four networks:

192.168.0.0/24

192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

Then, you can specify a single network for the interesting traffic as 192.168.0.0/22.

If you can't group your multiple subnets, then you must specify multiple entries. I will check on that, but you can check if summarization works on your setup.

Federico.
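The summarization check described in the reply above, as an added example that is not part of the original thread: it finds the smallest single prefix covering a list of subnets and lists any address space that prefix would pull into the tunnel selector beyond what was requested. The function name `summarize` and the second, non-contiguous sample list are constructed for illustration.

```python
import ipaddress


def summarize(subnets):
    """Return (supernet, extras): the smallest single prefix covering every
    subnet, and the prefixes inside it that were NOT in the original list."""
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in subnets))
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)

    # Widen the first network one bit at a time until it spans lo..hi.
    supernet = nets[0]
    while not (lo in supernet and hi in supernet):
        supernet = supernet.supernet()

    # Carve each wanted subnet out of the supernet; what is left over is
    # address space the single selector would also place in the tunnel.
    extras = [supernet]
    for wanted in nets:
        remaining = []
        for block in extras:
            if wanted == block:
                continue
            if wanted.subnet_of(block):
                remaining.extend(block.address_exclude(wanted))
            else:
                remaining.append(block)
        extras = remaining
    return supernet, sorted(extras)


if __name__ == "__main__":
    samples = {
        "thread example": ["192.168.0.0/24", "192.168.1.0/24",
                           "192.168.2.0/24", "192.168.3.0/24"],
        # Constructed non-contiguous case, not from the thread.
        "constructed": ["192.168.0.0/24", "192.168.5.0/24"],
    }
    for name, subnets in samples.items():
        supernet, extras = summarize(subnets)
        print(f"{name}: selector {supernet}")
        for e in extras:
            print(f"  also covered, not requested: {e}")
```

An empty `extras` list means the single prefix is an exact match for the protected networks; a non-empty list is the scope that would have to be filtered by ACL on both peers if the wider selector were used.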

Federico,

Thank you for the response. The subnets are not contiguous. I attempted to supernet them and the link established but no data transfer (which I think is an ACL issue that can be handled later). Unfortunately, I cannot go for a wider range on those non-contiguous subnets.

-Janakan

Unfortunately I don't have access to an SA520 at the moment.

Where you specify the interesting traffic for VPN, you only have a single entry then?

Federico.

Yes, only one entry where it gives an option to enter - Single, range or subnet.

-Janakan.
