Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
418
Views
0
Helpful
3
Replies

only one remote network statement in site-to-site vpn?

Go to solution
syjeon
Level 1
Level 1

‎08-05-2013 11:30 PM

Hi,

I'm wondering about in case of site-to-site vpn, we can only define one network statement for peer branch office network?

if there are one more local network in peer site, then, how to define those for peer local subnet?

Can anyone response about my question?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎08-06-2013 02:02 AM

If I understand your question correctly you are wondering how to add another subnet to an existing site to site VPN tunnel?

If that is correct you can add that network to the crypto ACL of the existing site to site tunnel.  But you must tear down and rebuild the tunnel for it to take effect.

once you have added the required configuration issue the following commands to tear down the tunnel.  Keep in mind that doing this will disconnect any users on the VPN so it is best to let the users know when you are going to do this so they are not connected at that time.

clear crypto isakmp

clear crypto ipsec sa

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marius Gunnerud
VIP
VIP

‎08-06-2013 02:02 AM

If I understand your question correctly you are wondering how to add another subnet to an existing site to site VPN tunnel?

If that is correct you can add that network to the crypto ACL of the existing site to site tunnel.  But you must tear down and rebuild the tunnel for it to take effect.

once you have added the required configuration issue the following commands to tear down the tunnel.  Keep in mind that doing this will disconnect any users on the VPN so it is best to let the users know when you are going to do this so they are not connected at that time.

clear crypto isakmp

clear crypto ipsec sa

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
syjeon
Level 1
Level 1
In response to Marius Gunnerud

‎08-06-2013 04:24 PM

I recalled cisco ios vpn for site-to-site vpn were able to add one more remote subnet. by the way, some of Nokia site-to-site vpn box can't. that is possible to enable only one remote subnet. for instance, if we mentioned 10.x.x.x/8, then it can't be such as one more 20.0.0.0/8 like so.

Thanks.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to syjeon

‎08-07-2013 12:57 AM

I am not familiar with Nokia VPNs, but as I mentioned this is possible on Cisco.  It just requires the tunnel to be re-established for the changes to take effect.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents