[c-nsp] terminating many l2l tunnels on an ASA

Ryan ryanclambert at gmail.com
Thu Sep 18 15:43:37 EDT 2008


Hey everyone, question for those of you who may have already suffered this
unfortunate fate -

Background:

I have about 150 site-to-site VPN tunnels I need to terminate for an ASA.
Zero (yes, zero) of the remote end devices are Cisco. I do not have any
control over these devices. Everything is the same except for the remote
subnets, and obviously the peer IPs. Encryption, PSK, etc. all matching.

One of the requirements is that the tunnel is able to be brought up by
generating traffic from my side (kind of shoots down a dynamic L2L I
-think-)

I am using a Cisco ASA 5520 with a VPN Plus license. I don't have the option
of purchasing anything else to help with this.

The actual question:

Does anyone know of a decent way to bring these up without cluttering my
config with 1000+ lines of ACL, tunnel-group config, etc?


