Crypto map on ASA - question

cisco20
Hi all,

Is there a need to create a new crypto map like the following every time I add a new VPN connection, or can many use the same?
 

crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 123.456.78.9
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 1 set security-association lifetime seconds 3600
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map 1 set nat-t-disable
Commented:
No, each crypto map can be associated with more than one access list (for example, if you have more networks to share) but can use only one peer at a time. More than one peer on the map is used only for backup.

So if you just want to add an ACL you can; if you want to use two or more active peers you need to create another map.
crypto map outside_map 2
crypto map outside_map 3
crypto map outside_map 4 ... and so on ... just the ACL and peer IP will differ for every tunnel.
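
As an added illustration (not part of the original thread or any poster's configuration), this Python sketch parses ASA `crypto map` lines and returns one row per sequence number, so each tunnel shows up as its own entry with one ACL, a first-listed peer, and any further peers counted as backups as the answer describes. The sample configuration, its ACL names and its documentation-range addresses are constructed, and treating the first listed peer as the primary is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed sample config: documentation-range addresses, hypothetical ACL names.
SAMPLE = """\
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 192.0.2.10
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer 198.51.100.20 198.51.100.21
crypto map outside_map 2 set transform-set ESP-AES-256-SHA
crypto map outside_map 3 set peer 203.0.113.30
crypto map outside_map interface outside
"""

LINE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (.+)$")

def parse_crypto_maps(config):
    """Return {map_name: {seq: {"acl": str or None, "peers": [ip, ...]}}}."""
    maps = defaultdict(dict)
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # interface binding, transform-set, lifetimes, etc.
        name, seq, keyword, value = m.groups()
        entry = maps[name].setdefault(int(seq), {"acl": None, "peers": []})
        if keyword == "match address":
            entry["acl"] = value.strip()
        else:
            entry["peers"].extend(value.split())
    return {name: dict(entries) for name, entries in maps.items()}

def summarize(config):
    """One row per entry: (map, seq, acl, primary peer, backup peers, problems)."""
    rows = []
    for name, entries in sorted(parse_crypto_maps(config).items()):
        for seq in sorted(entries):
            e = entries[seq]
            problems = []
            if e["acl"] is None:
                problems.append("no match address")
            if not e["peers"]:
                problems.append("no peer")
            primary = e["peers"][0] if e["peers"] else None
            rows.append((name, seq, e["acl"], primary, e["peers"][1:], problems))
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

In the constructed sample, sequence 2 carries a backup peer and sequence 3 is flagged because it has a peer but no `match address` line.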

Author

Commented:
OK - just as a backup - makes sense - Thank you.

Author

Commented:
Not sure how to split points awarded but both answers helped. Thanks.
