Yes you can, but why would you like to set up IPSec tunnels on a subinterface?
Also, please kindly be advised that you can't have more than 1 default route configured on an ASA, so for each of the subinterfaces, you would need to configure a static route for the remote peer. That means you would need to have a static remote peer (a dynamic remote peer won't work because you can't set up the route first on the ASA), nor can remote access VPN work.
Thanks very much for your reply. I understand where you are coming from, but the reason for using sub-interfaces is that we have only one physical interface on the firewall connected to the MPLS cloud, and we need to set up a separate IPSec tunnel for each client for security and integrity. In the current scenario, I have static peers and we can easily set up a static route to the peer address.
Many thanks for your assistance, please feel free to advise if you have any other suggestions.
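The setup discussed in this thread, sketched as an added example (not configuration posted by either participant): one subinterface per client, a host route to each static peer, and a separate crypto map bound to each subinterface. All interface names, VLAN IDs, addresses (documentation and private ranges), ACL and crypto map names are constructed; ASA 8.4+ IKEv1 syntax is assumed, and an IKEv1 policy is assumed to exist already.

```cisco
! One subinterface per client on the single MPLS-facing physical port
interface GigabitEthernet0/0.101
 vlan 101
 nameif client-a
 security-level 0
 ip address 192.0.2.1 255.255.255.252
interface GigabitEthernet0/0.102
 vlan 102
 nameif client-b
 security-level 0
 ip address 192.0.2.5 255.255.255.252
!
! No second default route: host route to each static peer, plus a route
! for each remote protected network so it egresses the right subinterface
route client-a 198.51.100.10 255.255.255.255 192.0.2.2
route client-a 10.10.1.0 255.255.255.0 192.0.2.2
route client-b 203.0.113.20 255.255.255.255 192.0.2.6
route client-b 10.10.2.0 255.255.255.0 192.0.2.6
!
! Interesting traffic per client (local 10.0.0.0/24 is an assumption)
access-list VPN-CLIENT-A extended permit ip 10.0.0.0 255.255.255.0 10.10.1.0 255.255.255.0
access-list VPN-CLIENT-B extended permit ip 10.0.0.0 255.255.255.0 10.10.2.0 255.255.255.0
!
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! Only one crypto map can be applied per interface, so each client gets its own
crypto map CMAP-CLIENT-A 10 match address VPN-CLIENT-A
crypto map CMAP-CLIENT-A 10 set peer 198.51.100.10
crypto map CMAP-CLIENT-A 10 set ikev1 transform-set ESP-AES256-SHA
crypto map CMAP-CLIENT-A interface client-a
crypto map CMAP-CLIENT-B 10 match address VPN-CLIENT-B
crypto map CMAP-CLIENT-B 10 set peer 203.0.113.20
crypto map CMAP-CLIENT-B 10 set ikev1 transform-set ESP-AES256-SHA
crypto map CMAP-CLIENT-B interface client-b
!
! IKE must be enabled on every subinterface that terminates a tunnel
crypto ikev1 enable client-a
crypto ikev1 enable client-b
!
! A distinct pre-shared key per peer (placeholders, not real keys)
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <CLIENT-A-PSK>
tunnel-group 203.0.113.20 type ipsec-l2l
tunnel-group 203.0.113.20 ipsec-attributes
 ikev1 pre-shared-key <CLIENT-B-PSK>
```

After applying it, `show route` should list each peer's host route on its own subinterface and `show crypto ipsec sa` should show each security association under the matching interface name.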