Cisco Support Community

Is it possible to have 2 RA VPNs on an ASA5505

Hi there,

I am looking into setting up 2 remote access VPNs; one will have split tunnelling and the other won't have split tunnelling configured. Other than that, both are identical.

Below is the config I’m planning to use:

ASA Version 8.3(1)
ip local pool VPNPOOL 192.168.20.1-192.168.20.254
object network obj-vpnpool
 subnet 192.168.XX.0 255.255.255.0
object network net_internal
 subnet 10.0.XX.0 255.255.255.0
nat (inside,any) source static net_internal net_internal destination static obj-vpnpool obj-vpnpool
access-list ravpn_ex extended permit ip 10.0.XX.0 255.255.255.0 192.168.XX.0 255.255.255.0 log
access-list ravpn_ex extended permit icmp 10.0.XX.0 255.255.255.0 192.168.XX.0 255.255.255.0 log
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set RA-TS esp-3des esp-sha-hmac
crypto dynamic-map DYN_MAP 10 set transform-set RA-TS
crypto map VPN_MAP 65535 ipsec-isakmp dynamic DYN_MAP
crypto map VPN_MAP interface outside
crypto isakmp enable outside
group-policy RA01-vpn internal
group-policy RA01-vpn attributes
 dns-server value XX.XX.XX.XX XX.XX.XX.XX
 vpn-idle-timeout 60
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ravpn_ex
tunnel-group RA01 type remote-access
tunnel-group RA01 general-attributes
 address-pool VPNPOOL
 default-group-policy RA01-vpn
tunnel-group RA01 ipsec-attributes
 pre-shared-key *****

TUNNEL TWO:

group-policy RA02-vpn internal
group-policy RA02-vpn attributes
 dns-server value XX.XX.XX.XX XX.XX.XX.XX
 vpn-idle-timeout 60
tunnel-group RA02 type remote-access
tunnel-group RA02 general-attributes
 address-pool VPNPOOL
 default-group-policy RA02-vpn
tunnel-group RA02 ipsec-attributes
 pre-shared-key *****

Can anyone confirm if this will work or if there is another way I can achieve the same outcome?

Regards

Dale

1 ACCEPTED SOLUTION


It is absolutely possible. Right now I do this on an ASA 5540 with 4 different RA groups for different departments.

2 REPLIES

Hi there,

Can you tell me which VPN has split tunnelling and which one won't have split tunnelling?
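
Added example, not part of the thread: a small Python script that answers the question above from a pasted config by mapping each tunnel-group to its default-group-policy and that policy's split-tunnel setting. It assumes DfltGrpPolicy is unmodified, so a group-policy with no split-tunnel-policy line resolves to the ASA default, tunnelall; the function name and the sample string are constructed for illustration.

```python
# Added example: report split-tunnel behaviour per remote-access tunnel-group.
# Assumption: DfltGrpPolicy is unmodified, so the inherited mode is tunnelall.
DEFAULT_MODE = "tunnelall"

# Constructed sample: the group-policy / tunnel-group lines from the post,
# flattened (no indentation) the way a forum paste usually arrives.
SAMPLE_CONFIG = """\
group-policy RA01-vpn internal
group-policy RA01-vpn attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ravpn_ex
tunnel-group RA01 type remote-access
tunnel-group RA01 general-attributes
address-pool VPNPOOL
default-group-policy RA01-vpn
group-policy RA02-vpn internal
group-policy RA02-vpn attributes
tunnel-group RA02 type remote-access
tunnel-group RA02 general-attributes
address-pool VPNPOOL
default-group-policy RA02-vpn
"""

def split_tunnel_report(config):
    """Return {tunnel_group: (group_policy, split_tunnel_mode, acl_name)}."""
    policies = {}         # group-policy name -> {"mode": ..., "acl": ...}
    group_to_policy = {}  # tunnel-group name -> default-group-policy name
    cur_policy = cur_group = None
    for line in config.splitlines():
        w = line.split()
        if len(w) < 2:
            continue
        if w[0] == "group-policy":        # enters (or declares) a policy
            cur_policy, cur_group = w[1], None
            policies.setdefault(cur_policy, {"mode": DEFAULT_MODE, "acl": None})
        elif w[0] == "tunnel-group":      # enters (or declares) a tunnel-group
            cur_group, cur_policy = w[1], None
            group_to_policy.setdefault(cur_group, "DfltGrpPolicy")
        elif w[0] == "split-tunnel-policy" and cur_policy:
            policies[cur_policy]["mode"] = w[1]
        elif w[:2] == ["split-tunnel-network-list", "value"] and cur_policy and len(w) > 2:
            policies[cur_policy]["acl"] = w[2]
        elif w[0] == "default-group-policy" and cur_group:
            group_to_policy[cur_group] = w[1]
    unset = {"mode": DEFAULT_MODE, "acl": None}
    return {g: (p, policies.get(p, unset)["mode"], policies.get(p, unset)["acl"])
            for g, p in group_to_policy.items()}

if __name__ == "__main__":
    for group, (policy, mode, acl) in split_tunnel_report(SAMPLE_CONFIG).items():
        print(f"{group}: policy={policy} mode={mode} acl={acl}")
```

A group reported as tunnelspecified with no ACL name is worth a second look, since the policy then names no network list to tunnel.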
