07-29-2007 12:16 AM - edited 02-21-2020 03:11 PM
I have created a VPN between 2 Cisco 515 PIXes. On the ASDM it says the VPN status is 1 IKE tunnel and 5 IPSec tunnels. Why 5 and not one? We have multiple subnets on one side of the PIX. Does it mean that if another, different subnet travels across the VPN, it will go to 6 IPSec tunnels?
07-29-2007 01:04 AM
It depends on the crypto access-list entries.
Ranjana
07-29-2007 01:25 AM
Hi
Each entry in your crypto access-list is a potential IPsec tunnel. So yes, in answer to your question, if another subnet that isn't already running across the VPN then initiates a communication through the VPN tunnel, it will indeed create another IPsec SA. Actually the SA is uni-directional, so 2 SAs are created.
HTH
Jon
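The relationship described in the replies above, as an added example that is not part of the original thread: a small Python audit that reads a PIX-style configuration, finds the access-lists bound to a crypto map, and counts how many IPsec tunnels (and unidirectional SAs) each one can bring up. The configuration text, the ACL and crypto map names, and the function names are constructed for illustration; the parser assumes entries of the form `any`, `host A` or `A MASK` with no source port operators.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
access-list vpn_acl permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list vpn_acl permit ip 10.1.2.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list vpn_acl permit ip host 10.1.3.7 192.168.50.0 255.255.255.0
access-list vpn_acl deny ip 10.1.4.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list outside_in permit tcp any host 203.0.113.10 eq 443
crypto map vpnmap 10 match address vpn_acl
"""

def _take_addr(tokens):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def crypto_selectors(config):
    """Return {acl_name: [(local_net, remote_net), ...]} for crypto-map ACLs."""
    bound = set(re.findall(r"^crypto map \S+ \d+ match address (\S+)",
                           config, re.M))
    result = {name: [] for name in bound}
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        if tokens[1] not in bound or tokens[2] != "permit":
            continue  # unrelated ACL, or a deny entry (traffic not encrypted)
        rest = tokens[4:]  # skip the protocol keyword
        pair = (_take_addr(rest), _take_addr(rest))
        if pair not in result[tokens[1]]:
            result[tokens[1]].append(pair)
    return result

def summarize(config):
    """Per ACL: (potential IPsec tunnels, SAs if every tunnel is up)."""
    return {name: (len(pairs), 2 * len(pairs))
            for name, pairs in crypto_selectors(config).items()}

if __name__ == "__main__":
    for name, (tunnels, sas) in summarize(SAMPLE_CONFIG).items():
        print(f"{name}: up to {tunnels} IPsec tunnels, {sas} unidirectional SAs")
```

Comparing this upper bound with the tunnel count the device reports shows which selectors currently have traffic and whether the crypto access-list permits more subnets across the VPN than intended.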