I have a PIX 515E with a 4 port FE card and an ASA 5520 with 4 GE interfaces and I need to know if I can enable isakmp on two interfaces on the same firewall. I have included a drawing for a little better understanding of what I am trying to do.
I know you can with 7.x code and believe you can with 6.x.
Create a different crypto map for each interface. Then you'll need routes for networks on either side. If your outside int is the default route then you're fine for the networks on the l2l. You'll need static routes or routes from a routing protocol so the traffic knows how to reach the l2l network connected to int JRP. If you don't, it will use the default route and won't work.
Other than that it's the same setup for a L2L tunnel.
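The setup described in the answer above, sketched as a PIX/ASA 7.2 configuration. This is an added example, not part of the original posts: the interface names `outside` and `JRP` come from the thread, while all addresses, ACL names, crypto map names and the pre-shared-key placeholders are constructed for illustration.

```cisco
! Constructed values: documentation/RFC 1918 addresses and placeholder keys.
! Assumed: local LAN 10.1.0.0/16, JRP next hop 192.0.2.65.

! One IKE policy and transform set can serve both tunnels
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec transform-set L2L-AES256-SHA esp-aes-256 esp-sha-hmac

! Interesting traffic, one ACL per tunnel
access-list VPN-OUTSIDE extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list VPN-JRP extended permit ip 10.1.0.0 255.255.0.0 10.3.0.0 255.255.0.0

! A separate crypto map for each interface
crypto map OUTSIDE-MAP 10 match address VPN-OUTSIDE
crypto map OUTSIDE-MAP 10 set peer 198.51.100.2
crypto map OUTSIDE-MAP 10 set transform-set L2L-AES256-SHA
crypto map OUTSIDE-MAP interface outside

crypto map JRP-MAP 10 match address VPN-JRP
crypto map JRP-MAP 10 set peer 203.0.113.2
crypto map JRP-MAP 10 set transform-set L2L-AES256-SHA
crypto map JRP-MAP interface JRP

! ISAKMP enabled on both interfaces
crypto isakmp enable outside
crypto isakmp enable JRP

! Per-peer tunnel groups (keys are placeholders)
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 pre-shared-key <PSK-FOR-OUTSIDE-PEER>
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PSK-FOR-JRP-PEER>

! Without these, traffic for the JRP-side peer and network follows the
! default route out "outside" and never matches JRP-MAP
route JRP 203.0.113.2 255.255.255.255 192.0.2.65 1
route JRP 10.3.0.0 255.255.0.0 192.0.2.65 1
```

`show crypto isakmp sa` and `show crypto ipsec sa` confirm which peer each security association was built with and whether the encaps/decaps counters increase for the JRP-side tunnel.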
You answered my question, thank you very much. I am running 7.2 code on my PIX 515E's and I didn't have one to test and verify if I could or not. Once I get my VPN tunnels up between the firewall I will be running GRE tunnels from the core 6509's anyway, so I will only need to route the traffic for the tunnel source and destination address, so it should work. Thanks again for the info.