
Creating two and more VPN tunnels ASA5512

phillip2711
Level 1

Hello everybody,

I would like to add another VPN tunnel to an existing configuration, and I am a little bit lost where to start.

In a crypto map with IKEv2 you can add only one IP address; also, I read that only one crypto map can be assigned to an interface.

If I create another crypto map (different priority) with a different IP address and traffic selection but the same IPSec settings, will it allow me to use both VPN tunnels simultaneously?

The main device where this configuration has to be created is a Cisco ASA-5512.

 

Please help with any advice, and let me know if you need additional info.

Thank you in advance


GioGonza
Level 4

Hello @phillip2711

 

You can apply different connections with different priority numbers, as you said, but the only thing to keep in mind is the ACL, since the ASA will try to create the VPN tunnel with the first one that matches; if you add a new one with the same information as the previous one, it will not work.

 

You can do VPN tunnel backup like this: 

 

crypto map mymap 1 set peer 1.1.1.1 2.2.2.2

 

It will use the same configuration and the second peer will go up only if the primary fails. 

 

HTH

Gio

Hello @GioGonza

 

Thank you very much. To clarify, for example, one will be with one IP peer address and one ACL (Branch Office A); another connection will be with a different IP address and a different ACL (Branch Office B). As far as settings: both of those connections will be applied to the same outside interface and the IPsec proposal will be the same.

So another question is: will both of those VPN tunnels be working simultaneously, meaning that if a person needs to access a PC in branch office A and then in office B, he will be able to do so?

 

I hope I explained it correctly, thanks

Hello @phillip2711

 

Yes, sure. If the ACL is different and you send traffic to the different subnets, both of them will be working at the same time without any issue.

 

As I said, the only thing to keep in mind is the ACL, since you can have the same IPSec policies for both of them.

 

HTH

Gio
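
The setup confirmed in this thread, written out as an added example (not part of the original posts): one crypto map with two sequence numbers on the outside interface, sharing one IPsec proposal. The map, ACL and proposal names, the subnets, the peer addresses (RFC 5737 documentation ranges) and the key placeholders are all constructed; it assumes an IKEv2 policy and `crypto ikev2 enable outside` already exist from the first tunnel.

```cisco
! Constructed example: all names, subnets, peers and keys are placeholders.
!
! Interesting traffic per branch. The selectors must not overlap: the ASA
! walks the crypto map entries in sequence order and uses the first match.
access-list VPN-BRANCH-A extended permit ip 10.10.0.0 255.255.255.0 10.20.1.0 255.255.255.0
access-list VPN-BRANCH-B extended permit ip 10.10.0.0 255.255.255.0 10.20.2.0 255.255.255.0
!
! One IPsec proposal shared by both tunnels.
crypto ipsec ikev2 ipsec-proposal SHARED-PROPOSAL
 protocol esp encryption aes-256
 protocol esp integrity sha-256
!
! Entry 10: Branch Office A
crypto map OUTSIDE-MAP 10 match address VPN-BRANCH-A
crypto map OUTSIDE-MAP 10 set peer 198.51.100.10
crypto map OUTSIDE-MAP 10 set ikev2 ipsec-proposal SHARED-PROPOSAL
!
! Entry 20: Branch Office B (same map name, different sequence number)
crypto map OUTSIDE-MAP 20 match address VPN-BRANCH-B
crypto map OUTSIDE-MAP 20 set peer 203.0.113.20
crypto map OUTSIDE-MAP 20 set ikev2 ipsec-proposal SHARED-PROPOSAL
!
! Only one crypto map per interface, so both entries live in OUTSIDE-MAP.
crypto map OUTSIDE-MAP interface outside
!
! One tunnel-group per peer, each with its own pre-shared key.
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <KEY-A>
 ikev2 local-authentication pre-shared-key <KEY-A>
tunnel-group 203.0.113.20 type ipsec-l2l
tunnel-group 203.0.113.20 ipsec-attributes
 ikev2 remote-authentication pre-shared-key <KEY-B>
 ikev2 local-authentication pre-shared-key <KEY-B>
```

After sending traffic to each branch subnet, `show crypto ikev2 sa` and `show crypto ipsec sa` should list a separate security association for each peer.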

Thank you @GioGonza for a quick reply

No problem @phillip2711, glad I could help.

 

Gio