Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Two remote vpn on a single asa

Is it possible to create two remote vpn servers on a single ASA?


Re: Two remote vpn on a single asa


Do you mean to create two VPN tunnels terminating on the same ASA?

This can be done applying the crypto map to both interfaces.

Do you need this as a backup or what exactly do you need?


New Member

Re: Two remote vpn on a single asa

yes, I tried to create two remote VPN tunnels terminating on the same ASA on one single outside interface.

The customer wanted to change vpn ip addresses (dhcp pool on the asa) to a different network address; My intention was simply creating another profile (.pcf file) by creating another remote VPN tunnel. I don't know if this is possible.

That way, I can have two VPN profile running; and the cusomter can switch to the new profile (new vpn address) as they wish.

Acutally i think i may make things more complicated than it really is...

Can I just simply chaning the ip pool address on the ASA (may be a few other code change..); and the vpn client would automatically getting the new ip addreess? Is this going to work?

Thanks your help.

Re: Two remote vpn on a single asa


You can do this with no problems.

For instance let's say that you have the following configuration:

ip local pool firstpool
tunnel-group firstgroup type ipsec-ra
tunnel-group firstgroup general-attributes
address-pool firstpool
tunnel-group firstgroup ipsec-attributes
pre-shared-key password1

To create another profile for remote clients, you can do the following:

ip local pool secondpool
tunnel-group secondgroup type ipsec-ra
tunnel-group secondgroup general-attributes
address-pool secondpool
tunnel-group secondgroup ipsec-attributes
pre-shared-key password2


You have one profile named firstgroup with password password1 and a second profile named secondgroup with the password passwowrd2


CreatePlease to create content