[c-nsp] asa 5520, more than one crypto map?
Peter Rathlev
peter at rathlev.dk
Mon Aug 17 19:16:21 EDT 2009
Hi Scott,
On Mon, 2009-08-17 at 15:30 -0700, Scott Granados wrote:
> Hi, I'm having an issue binding more than one map to the outside
> interface so I need someone to set me straight.:)
>
> Background
>
> I have an ASA 5520 that's providing access to a private network via
> the Cisco VPN client. I wish to establish a few LAN-to-LAN sessions to
> branch offices using the same concentrator.
>
> Problem, when I apply one map to the outside interface the previously
> added map is removed.
This is "by design". :-) You can only use one crypto map per interface.
To define more than one peer you need to use the serial ("crypto map
<name> <serial>") to differentiate them.
Remember that the dynamic map should be in the very end of the crypto
map definition.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ike.html
Regards,
Peter Rathlev
More information about the cisco-nsp
mailing list