Cisco ASA - 1 crypto map per interface
the_Grinch
Member Posts: 4,165 ■■■■■■■■■■
in Off-Topic
Hey guys! Ultimately I am looking at setting up about 15 VPN tunnels to different vendors. Is it still the case that there can only be one crypto map per interface (we have an ASA 5515-X)? If so, would I just need to set up one map with multiple policies to get around this issue?
Thanks!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Comments
-
RouteMyPacket Member Posts: 1,104
I wrote you out an entire example, now it's mysteriously gone. Jesus Christ this site.
Anyway, you can have one crypto to an interface, yes, but you can assign multiple map entries.
i.e.,
crypto map remote 10 match address vpn_to_SiteA
crypto map remote 10 set peer x.x.x.x
crypto map remote 10 set ikev1 transform-set ESP-AES-256-SHA
crypto map remote 10 set security-association lifetime seconds 28800
crypto map remote 20 match address vpn_to_SiteB
crypto map remote 20 set peer x.x.x.x
crypto map remote 20 set ikev1 transform-set ESP-AES-256-SHA
crypto map remote 20 set security-association lifetime seconds 28800
Then you will have tunnel-groups to reference
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
ikev1 pre-shared-key cisco123
Modularity and Design Simplicity:
Think of the 2:00 a.m. test—if you were awakened in the middle of the night because of a network problem and had to figure out the traffic flows in your network while you were half asleep, could you do it?
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■
Excellent!! Thanks for the info and sorry your example got dropped! This was exactly what I thought would need to be done.
-
phoeneous Member Posts: 2,333 ■■■■■■■□□□
Had an entire blog post on this, let me try to find it. But basically you set multiple index numbers after the crypto map remote command like RouteMyPacket wrote.
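Added example, not part of the thread or any poster's code: a Python check for a staged ASA config that follows the layout RouteMyPacket describes (one crypto map, one sequence number per vendor). It assumes each tunnel-group is named after the peer address as in the thread; the `crypto map <name> interface <ifname>` binding lines, the `vendor3` map, and the documentation-range peer addresses in the sample are constructed for illustration.

```python
from collections import defaultdict
# Constructed staged config; peer addresses are documentation ranges, not real vendors.
SAMPLE = """\
crypto map remote 10 match address vpn_to_SiteA
crypto map remote 10 set peer 192.0.2.10
crypto map remote 10 set ikev1 transform-set ESP-AES-256-SHA
crypto map remote 20 match address vpn_to_SiteB
crypto map remote 20 set peer 198.51.100.20
crypto map remote interface outside
crypto map vendor3 10 match address vpn_to_SiteC
crypto map vendor3 10 set peer 203.0.113.30
crypto map vendor3 10 set ikev1 transform-set ESP-AES-256-SHA
crypto map vendor3 interface outside
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 203.0.113.30 type ipsec-l2l
"""

def lint_crypto_maps(config):
    """Return sorted findings for a staged ASA site-to-site VPN config."""
    entries = defaultdict(dict)  # (map name, sequence) -> settings seen for that entry
    bound = defaultdict(set)     # interface -> crypto map names applied to it
    l2l_groups = set()           # peers that have an ipsec-l2l tunnel-group
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["crypto", "map"] and len(w) >= 5:
            if w[3] == "interface":
                bound[w[4]].add(w[2])
            elif w[3].isdigit() and len(w) >= 7:
                entry = entries[(w[2], int(w[3]))]
                if w[4:6] == ["match", "address"]:
                    entry["match address"] = w[6]
                elif w[4:6] == ["set", "peer"]:
                    entry["peer"] = w[6]
                elif w[6] in ("transform-set", "ipsec-proposal") and len(w) >= 8:
                    entry["transform set"] = w[7]
        elif w[:1] == ["tunnel-group"] and w[2:4] == ["type", "ipsec-l2l"]:
            l2l_groups.add(w[1])
    findings = [f"interface {i}: multiple crypto maps {sorted(m)}"
                for i, m in bound.items() if len(m) > 1]
    for (name, seq), entry in entries.items():
        for key in ("match address", "peer", "transform set"):
            if key not in entry:
                findings.append(f"{name} {seq}: missing {key}")
        peer = entry.get("peer")
        if peer and peer not in l2l_groups:
            findings.append(f"{name} {seq}: no ipsec-l2l tunnel-group for {peer}")
    return sorted(findings)
if __name__ == "__main__":
    print("\n".join(lint_crypto_maps(SAMPLE)))
```

On the sample it reports the second map bound to `outside`, the missing transform set on entry 20, and the peer with no tunnel-group; moving `vendor3` to sequence 30 of `remote` and completing entry 20 clears all three.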