can i run ipsec remote access  vpn and site to site at the same time on same asa

philb19
philb19 used Ask the Experts™
on
hi both on same asa firewall - remote access vpn already in place

can i also add site to site  vpn? thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Yes. Just make sure your site to sites take precedence over your remote access. Example below has two L2L and then map 65535 is the remote access. It's just a partial config to give you an idea.

crypto map OUTSIDE_map 1 match address STS_X
crypto map OUTSIDE_map 1 set pfs
crypto map OUTSIDE_map 1 set peer 1.2.3.4
crypto map OUTSIDE_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto map OUTSIDE_map 2 match address STS_Y
crypto map OUTSIDE_map 2 set pfs
crypto map OUTSIDE_map 2 set peer 4.5.6.7
crypto map OUTSIDE_map 2 set ikev1 transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto map OUTSIDE_map 65535 ipsec-isakmp dynamic REMOTE_ACCESS
crypto map OUTSIDE_map interface OUTSIDE

Author

Commented:
Great thanks - Do i need to worry about duplicate IPs with a site-to site VPN - other network having same IP'/ranges as us?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial