Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to configure multiple VPN tunnels to one remote end (same public IP address) on the PIX/Adaptive Security Appliance (ASA) or router


Configuring multiple VPN tunnels to the same devices is not possible since it is not possible to have more than one IPsec Security Association (SA) for the same peer. However, it is possible to configure multiple VPN tunnels to multiple devices.

Encrypting multiple networks to get encrypted across a VPN tunnel is possible by binding the access-lists for those networks to the crypto-map for the remote peer.

Note: If you want to apply different IPsec to different types of traffic (to the same or separate IPsec peers), then the different types of traffic should be defined in two separate crypto access lists, and you must create a separate crypto-map for each crypto access list. An example would be if you want traffic between one set of subnets to be authenticated, and traffic between another set of subnets to be both authenticated and encrypted.

For most of the possible scenarios related to PIX /ASA/router and VPN Concentrators, refer to Configuration Examples and Tech Notes.

For additional help, refer to Introduction to IP Security (IPsec) Encryption.

Version history
Revision #:
1 of 1
Last update:
‎06-17-2009 10:12 PM
Updated by:
Labels (1)