New Member

IPSec tunnel on sub-interface on ASA 5510

Hello All,

I am working on a security solution using an ASA firewall and need some technical advice on the ASA. Is it possible to set up IPSec tunnels on each subinterface of a physical interface on an ASA 5510?

I would be grateful if someone could please reply to this post with some details.

Regards,

Muds

3 REPLIES
Cisco Employee

Yes you can, but why would you like to set up IPSec tunnels on a subinterface?

Also, please kindly be advised that you can't have more than 1 default route configured on an ASA, so for each of the sub-interfaces you would need to configure a static route for the remote peer. That means you would need to have a static remote peer (a dynamic remote peer won't work because you can't set up the route first on the ASA), nor can remote access VPN work.

New Member

Hi Jennifer,

Thanks very much for your reply. I understand where you are coming from, but the reason for using sub-interfaces is that we have only one physical interface on the firewall connected to the MPLS cloud, and we need to set up separate IPSec tunnels for each client for security and integrity. In the current scenario, I have static peers and we can easily set up a static route to the peer address.

Many thanks for your assistance, please feel free to advise if you have any other suggestions.

Regards,

Muds 

Cisco Employee

Great, in that case, there is no issue at all if the remote end is static.
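The setup discussed in this thread, sketched as an added configuration example that is not from any of the posters: two client tunnels, each terminated on its own sub-interface, with a host route to each static peer because only one default route is available. It assumes ASA 8.4 or later IKEv1 syntax; every VLAN ID, name, address (documentation ranges) and key below is a constructed placeholder, and the inside interface and NAT exemption are left out.

```cisco
! Constructed example: all names, VLANs, addresses and keys are placeholders.
interface Ethernet0/0
 no nameif
 no security-level
 no ip address
 no shutdown
interface Ethernet0/0.101
 vlan 101
 nameif clientA
 security-level 0
 ip address 192.0.2.1 255.255.255.252
interface Ethernet0/0.102
 vlan 102
 nameif clientB
 security-level 0
 ip address 192.0.2.5 255.255.255.252
! No second default route is possible, so each static peer and each
! remote protected network gets an explicit route out of its sub-interface.
route clientA 198.51.100.10 255.255.255.255 192.0.2.2
route clientA 10.20.1.0 255.255.255.0 192.0.2.2
route clientB 203.0.113.20 255.255.255.255 192.0.2.6
route clientB 10.20.2.0 255.255.255.0 192.0.2.6
! Interesting traffic per client (local 10.10.0.0/24 is assumed).
access-list CLIENTA_CRYPTO extended permit ip 10.10.0.0 255.255.255.0 10.20.1.0 255.255.255.0
access-list CLIENTB_CRYPTO extended permit ip 10.10.0.0 255.255.255.0 10.20.2.0 255.255.255.0
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
! One crypto map per sub-interface, each pinned to that client's static peer.
crypto map CLIENTA_MAP 10 match address CLIENTA_CRYPTO
crypto map CLIENTA_MAP 10 set peer 198.51.100.10
crypto map CLIENTA_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map CLIENTA_MAP interface clientA
crypto ikev1 enable clientA
crypto map CLIENTB_MAP 10 match address CLIENTB_CRYPTO
crypto map CLIENTB_MAP 10 set peer 203.0.113.20
crypto map CLIENTB_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map CLIENTB_MAP interface clientB
crypto ikev1 enable clientB
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <PSK-CLIENT-A>
tunnel-group 203.0.113.20 type ipsec-l2l
tunnel-group 203.0.113.20 ipsec-attributes
 ikev1 pre-shared-key <PSK-CLIENT-B>
```

`show route` and `show crypto isakmp sa` confirm that each peer is reached through its own sub-interface and that both tunnels negotiate independently.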
