New Member

Multiple site-to-site VPNs from same equipments

Hi,

I have a Cisco ASA 5510 in my central site. I created a VPN to connect a remote site that has a DrayTek 2830.

Because of some particularities, we need to include other networks in this VPN.

So from the remote site we need to communicate with more than one network.

For example:

Network: 192.168.1.0/24, 192.168.2.15/32 and 192.168.3.15/32

The only solution I have found was to create a VPN connection on the DrayTek for each network. On the Cisco side I also created a connection for each network.

The VPNs function if they initiate in a determined order. If the VPN for the 192.168.1.0 network starts first then there is no traffic...

Can you please help me?

Best regards.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Multiple site-to-site VPNs from same equipments

Hi Joao,

On ASA we can create one crypto map for one peer IP address.

As per my understanding, it seems that you are trying to configure different crypto maps for different networks on the other side.

On ASA, we have to configure it in the following way:

access-list test permit ip 192.168.1.0 255.255.255.0 <remote-network> <remote-mask>

access-list test permit ip host 192.168.2.15 <remote-network> <remote-mask>

access-list test permit ip host 192.168.3.15 <remote-network> <remote-mask>

crypto map testmap 1 set peer <peer-ip>

crypto map testmap 1 match address test

crypto map testmap 1 set transform-set ESP-3DES-SHA

Let me know if it helps.

If possible, attach the running configuration of your ASA as well.

Regards,

Naresh

7 REPLIES
New Member

Multiple site-to-site VPNs from same equipments

From the Cisco side I have tested with only one connection and added the other networks to the access list.

From the DrayTek side I have 3 different connections.

If the first connection is not the connection with the 192.168.1.0 network, if for some reason the other connections are dropped, then we don't have traffic, and from the DrayTek side the VPN is up, but from the Cisco side that connection is not up.

Sorry for the description.

New Member

Multiple site-to-site VPNs from same equipments

Hi,

Sorry, the answer is not correct. I accidentally pressed the button and now I do not know how to remove that flag.

JA

Cisco Employee

Multiple site-to-site VPNs from same equipments

Hi Joao,

See if the issue is that on the other device you cannot define multiple subnets as we do on the ASA.

Then yes, that's an issue because, as Naresh said above, we cannot configure multiple crypto maps on ASA for the same peer.

Thanks

Jeet

New Member

Multiple site-to-site VPNs from same equipments

That is the problem: I cannot define multiple subnets in the connection profile.

I can add routes to the VPN but it didn't work.

Thanks,

João Areias

Silver

Multiple site-to-site VPNs from same equipments

Use a supernet:

192.168.0.0/22

It need not match the actually used subnets exactly.

New Member

Multiple site-to-site VPNs from same equipments

Hi,

In this case it could work, but I also have situations where I have one class A subnet and 2 hosts that have public IPs but have to pass through the VPN tunnel.

Thanks.
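
Added example (not part of the original thread): a short Python check of what a single covering supernet admits into the tunnel beyond the networks actually intended, which is the trade-off behind the supernet suggestion and the follow-up above. It reports the leftover blocks that a filter on the tunnel would need to deny. The function names are hypothetical, and the second network list (a 10.0.0.0/8 plus two documentation-range hosts) is constructed to stand in for the "class A subnet and 2 public hosts" case.

```python
import ipaddress

def covering_supernet(cidrs):
    """Smallest single IPv4 prefix that contains every network in cidrs."""
    nets = [ipaddress.IPv4Network(c) for c in cidrs]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The leading bits shared by the lowest and highest address form the prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.IPv4Network((lo, prefix), strict=False)

def unintended_blocks(cidrs, supernet):
    """CIDR blocks inside supernet that belong to none of the listed networks."""
    wanted = ipaddress.collapse_addresses(ipaddress.IPv4Network(c) for c in cidrs)
    remaining = [supernet]
    for want in wanted:
        nxt = []
        for block in remaining:
            if want.subnet_of(block):
                # Split the block around the intended network and keep the rest.
                nxt.extend(block.address_exclude(want))
            else:
                nxt.append(block)
        remaining = nxt
    return sorted(remaining)

def extra_addresses(cidrs, supernet):
    """Number of addresses the supernet covers that were never intended."""
    return sum(b.num_addresses for b in unintended_blocks(cidrs, supernet))

# Networks named in the original question.
THREAD_NETS = ["192.168.1.0/24", "192.168.2.15/32", "192.168.3.15/32"]
# Constructed sample: one class A subnet plus two public hosts (documentation ranges).
MIXED_NETS = ["10.0.0.0/8", "203.0.113.10/32", "198.51.100.20/32"]

if __name__ == "__main__":
    for nets in (THREAD_NETS, MIXED_NETS):
        sup = covering_supernet(nets)
        blocks = unintended_blocks(nets, sup)
        print(f"{nets} -> {sup}")
        print(f"  unintended addresses: {extra_addresses(nets, sup)}")
        print(f"  blocks to deny in a tunnel filter: {len(blocks)}")
```

For the thread's three networks the supernet stays small, but for the mixed case a single covering prefix collapses to the whole IPv4 space, so a supernet is not a usable traffic selector there.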
