[c-nsp] asa 5520, more than one crypto map?

Peter Rathlev peter at rathlev.dk
Mon Aug 17 19:16:21 EDT 2009


Hi Scott,

On Mon, 2009-08-17 at 15:30 -0700, Scott Granados wrote:
> Hi, I'm having an issue binding more than one map to the outside
> interface so I need someone to set me straight.:)
> 
> Background
> 
> I have an ASA 5520 that's providing access to a private network via
> the Cisco VPN client. I wish to establish a few LAN-to-LAN sessions to
> branch offices using the same concentrator.
> 
> Problem, when I apply one map to the outside interface the previously
> added map is removed.

This is "by design". :-) You can only use one crypto map per interface.
To define more than one peer you need to use the serial ("crypto map
<name> <serial>") to differentiate them.

Remember that the dynamic map should be in the very end of the crypto
map definition.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ike.html

Regards,
Peter Rathlev




More information about the cisco-nsp mailing list