I have created a VPN between 2 Cisco 515 pix's. On the ADSM it says the VPN status is 1 IKE tunnel and and 5 IPSec tunnels. Why 5 and not one? We have multiple subnets on one side of the Pix, does it mean if another different subnet travels across the VPN then it will go to 6 IPSec tunnels?
For each entry in your crypto access-list that is a potential IPSEC tunnel. So yes in answer to your question if another subnet that isn't already running across the VPN then intitiates a communication through teh VPn tunnel it will indeed crete another IPSEC sa. Actually the SA is uni-directional so 2 sa's are created.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...