
Configuring Multiple IPSEC tunnels on ASA 5505

Hi,

I need to configure 2 IPSEC tunnels on my ASA 5505. The 1st one is already configured; the 2nd one is to be configured. I have the following questions:

1. Should I create one more ISAKMP policy?

2. Do I need to create 1 more access list with source network and destination network?

3. Do I need to create 1 more Nat0, or can I add to the existing ACL which I have already created for the previous one?

Thanks in advance

Prasanna Sastry.G

Mars Telecom

2 REPLIES

Re: Configuring Multiple IPSEC tunnels on ASA 5505

In answer to your questions:

1) Depends, the existing policy will be negotiated with the remote end. If the remote end cannot support your policy - you will need to configure another one.

2) Yes - best practice would be to create the "interesting acl" per VPN.

3) No - you can add the source and destination IP information to the existing nat0.

HTH

Re: Configuring Multiple IPSEC tunnels on ASA 5505

Have a look at this link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml

The answer to your question depends on the 'interesting traffic' for the new VPN. If they are the same, you can use the same ACL. It's preferable to use different ACLs for NAT and CRYPTO, as old Cisco versions used to have a bug that would not allow sharing the same ACL between the two features. Who knows, it could appear again?

Regards

Farrukh
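The three answers above, put together as an added configuration sketch that is not part of either reply. It assumes pre-8.3 ASA syntax (the "nat0" form discussed in the thread), an existing crypto map named OUTSIDE_MAP with tunnel 1 at sequence 10, and an existing NAT-exemption ACL named NONAT; every name, address and the key placeholder is constructed for illustration.

```cisco
! Assumed: inside LAN 192.168.1.0/24, new remote LAN 10.20.0.0/24,
! new peer 203.0.113.2 (documentation address).

! Q2: a dedicated "interesting traffic" ACL for the new tunnel only.
access-list VPN2_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.255.0

! Q3: reuse the existing nat0 ACL by appending the new source/destination pair.
! "nat (inside) 0 access-list NONAT" is already in place from tunnel 1.
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.20.0.0 255.255.255.0

! Q1: only needed if the new peer cannot match an existing ISAKMP policy.
! Policies are global; both ends negotiate to the first mutual match.
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400

! Phase 2 proposal for the new peer (skip if an existing transform-set fits).
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Second tunnel = new sequence number in the SAME crypto map.
! Only one crypto map can be bound to an interface, and it is already
! applied to outside for tunnel 1, so it is not applied again here.
crypto map OUTSIDE_MAP 20 match address VPN2_CRYPTO
crypto map OUTSIDE_MAP 20 set peer 203.0.113.2
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES256-SHA

! Per-peer pre-shared key; use a different key from tunnel 1.
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PSK-PLACEHOLDER>
```

Keeping VPN2_CRYPTO separate from NONAT means a later NAT-exemption change cannot silently widen what is encrypted toward the new peer.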
