Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
General
Off-Topic
Cisco ASA - 1 crypto map per interface
the_Grinch
Hey guys! Ultimately I am looking at setting up about 15 vpn tunnels to different vendors. Is it still the case that there can only be one crypto map per interface (we have an ASA 5515-X)? If so, would I just need to setup one map with multiple policies to get around this issue?
Thanks!
Find more posts tagged with
Comments
RouteMyPacket
I wrote you out an entire example, now it's mysteriously gone. Jesus Christ this site.
Anyway, you can have one crypto to an intrface yes but you can assign multiple map entries.
i.e.,
crypto map remote 10 match address vpn_to_SiteA
crypto map remote 10 set peer x.x.x.x
crypto map remote 10 set ikev1 transform-set ESP-AES-256-SHA
crypto map remote 10 set security-association lifetime seconds 28800
crypto map remote 20 match address vpn_to_SiteB
crypto map remote 20 set peer x.x.x.x
crypto map remote 20 set ikev1 transform-set ESP-AES-256-SHA
crypto map remote 20 set security-association lifetime seconds 28800
Then you will have tunnel-groups to reference
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
ikev1 pre-shared-key cisco123
the_Grinch
Excellent!! Thanks for the info and sorry your example got dropped! This was exactly what I thought would need to be done.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
