Several VPN site to site on the same ASA

I need to set up an IPSEC tunnel to allow a provider to the remote site printing to a printer on my network.  I intend to use an ASA 5520 to do this.  The architecture is fairly simple:

[Remote]-[Remote FW] --[FW Local]-[Local routing]-[printer]

The downside is that there is finally more than a seller who needs to do.  Each will have a different destination but mena there will be more than a VPN to ASA at my end.  It seems that the ASA 5520 can be supported more than a VPN site to site, but I need to assign an IP address for different endpoint in each tunnel?

I searched and found no a design guide for the VPN site - to-many.  If so, I'd appreciate a pointer.

--

Stephen

You can do several tunnels VPN site to site.  As a general rule, you would have a card encryption applied to the interface in the face of internet.  Each crypto map entry has a sequence number. You simply have to create all the necessary configurations (tunnel-group for the remote peer IP, ACL to set interesting traffic, etc.) and increment the entry card crypto.

 Example: crypto map outside_map 1 match address s2s-VPN-1 crypto map outside_map 1 set pfs crypto map outside_map 1 set peer 1.2.3.4 crypto map outside_map 1 set transform-set ESP-3DES-SHA tunnel-group 1.2.3.4 type ipsec-l2l tunnel-group 1.2.3.4 ipsec-attributes  ikev1 pre-shared-key SomeSecureKey$ crypto map outside_map 2 match address s2s-VPN-2 crypto map outside_map 2 set pfs crypto map outside_map 2 set peer 4.5.6.7 crypto map outside_map 2 set transform-set ESP-3DES-SHA tunnel-group 4.5.6.7 type ipsec-l2l tunnel-group 4.5.6.7 ipsec-attributes ikev1 pre-shared-key SomeSecureKey2$

Tags: Cisco Security

Similar Questions

  • Easy VPN with IPSec VPN L2L (Site - to - Site) in the same ASA 5505

    Hi Experts,

    We have an ASA 5505 in our environment, and currently two IPSec VPN L2L tunnels are established. But we intend to connect with VPN (Network Extension Mode) easy to another site as a customer. Is it possible to configure easy VPN configurations by keeping the currently active IPSec L2L VPN(Site-to-Site) tunnels? If not possible is there any work around?

    Here's the warning we get then tried to configure the easy VPN Client.

    NOCMEFW1 (config) # vpnclient enable

    * Delete "nat (inside) 0 S2S - VPN"

    * Detach crypto card attached to the outside interface

    * Remove the tunnel groups defined by the user

    * Remove the manual configuration of ISA policies

    CONFLICT of CONFIG: Configuration that would prevent the Cisco Easy VPN Remo success

    you

    operation was detected and listed above. Please solve the

    above a configuration and re - activate.

    Thanks and greetings

    ANUP sisi

    "Dynamic crypto map must be installed on the server device.

    Yes, dynamic crypto is configured on the EasyVPN server.

    Thank you

  • If we have 2 remote sites with the same shared storage, can we mount a drive shared on remote site?

    Dear Experts,

    If we have 2 remote sites with the same shared storage, can mount us a drive on remote site?

    • Assume that the oracle database is on the shared disk (for example HP 3PAR)
    • Primary Oracle server with storage as a common drive (storage shared on sites geographical apart) have all the files database.
    • failure, it is possible to mount the drive even at the remote site and mount the database oracle it?

    There must be no effect on the as it should the same disk that has dismantled master site.

    Thank you and best regards,

    IVW

    Thanks a lot mseberg

    Is it a design valid ?

    • We have remote sites and want to set up DR. As we only SE pare data is therefore no choice.
    • We think of the SAN replication option.

    Have you ever seen / configured such architecture or design?

    Can you please throw some light on this. Thanks in advance for your ideas.

    Thank you best regards &,.

    IVW

  • I can access both sites at the same time?

    Dreamweaver has the possibility to open two websites at the same time?

    Basically I have a CMS that is hosted on a server, which connects to my customer sites on other servers. I want to be able to open files on a server and change and also to edit files on a different server at the same time.

    If it is not available in Dreamweaver, then I think it should be. I often need to copy the code to a page in a site to another page to different site. For the ability to have two windows open, each connected to a site server different Web would be valuable to me. By having separate windows, each can have its own connection to the server. I don't know how that would be easy, but I like it!

    See you soon

    Glynn

    You can only connect to a single site at the same time.  And you need to change the files locally, save & then upload to the remote server.   As far as I KNOW, no unique FTP application is capable to connect to multiple servers at once.  You might be able to do what you want with open DW and some additional 3rd client like Filezilla FTP, every time you connect to different servers.

    Nancy O.

  • Multiple sites using the same instance of CF?

    Hi Gang-
    I have a client who has recently improved CF Pro to Enterprise and they use in a relatively simple way as an intranet. They would like to help me configure a second instance for the purpose of a staging server, but I noticed after they revealed they do not have the link of Enterprise Manager in their CF Admin screen.

    They need to reinstall CF using the MultiServer installation version to be able to deploy a second instance of CF? Need to uninstall and reinstall? Ugh...

    Can't they just create a second site under their web server, using a different port and you worry about the second instance of CF? Best practices for a moment, remember, they do not necessarily expand on this server, it is intended to be a staging server.

    Any ideas on the best and fastest way to handle this?

    Many thanks in advance,
    Rich

    Many questions, many answers. :-)

    Yes, rich, they would need to install the version multiserver for you to see this Enterprise Manager option in the CF Admin. But no, they would not need to uninstall the server deployment (what you did) to add to the MultiServer deployment. They can coexist (although it is not something most would do in general).

    The best news for you is that, Yes, they can indeed just set up a second site on their web server, and who also point to the deployment server CF one you have installed. It is, of course, assuming that they are running a web server that supports multiple sites. If it's Apache, you're good. If this is Windows, then as long as the Windows Server 2003 (or 2008 or Vista), you're good, too. (Just to be complete, for other readers, XP does not allow you run multiple sites at the same time.)

    If during the installation of the CF tells you that there all sites on the web server with CF, you need do nothing again create site. It should be immediately able to run pages CF. If you said that it is in CF link to a site, then you will need run the server web Configurator again. You can do it manually, even after installation. See the CF Admin and Config docs to learn more about it, as well as on this issue. (I know many like to just run things and hope that the interface is pretty clear, but as this issue shows, for some things anyone installing CF will be well served by looking at this collection of Miss often.)

    Hope that helps, Rich. It is not a RTFM response. :-) Suffice it to say that if you need more that what I said, it's in the manual. Yet, I am happy to answer follow up if I can.

  • I copied a title several times throughout a project on the same video track. I need to change one thing in each title, but when I change one thing on one, he turns them ALL. How can I avoid this?

    I copied a title several times throughout a project on the same video track. I need to change one thing in each title, but when I change one thing on one, he turns them ALL. How can I avoid this?

    dariusb

    What version of Premiere Elements and on what operating system works - it? At the moment a generalization...

    You need to create the title in the Titler, close the titration module, open the media project, right click on the thumbnail of the title in the media of the project and select duplicate.

    Then drag the duplicate to the timeline. Double-click the duplicate to open the titration module to change the title in doubles.

    If please examine, study and provide more information, so that I can refine (Customize) the answer for you.

    Thank you.

    RTA

  • VPN site to Site on the same subnet of addresses LAN - cannot communicate

    Hello

    I have the VPN tunnel between Site A and B which are both on the same local network.

    Site A has a lan from 192.168.0.0/24 Interior and a demilitarized zone of 10.0.0.0/24

    Site B has a lan from 192.168.0.0/24 Interior

    I have the Setup vpn to communcaite the Site A DMZ with Site B on the inside.

    The two tunnels are in place but I can't ping the other view and vice versa. Also in the DMZ when I ping the 192.168.0.0/24 range timesout ping, I guess that's because the ping is sent inside the line of A site. Also the DMZ is a secuity level 50 and inside the site lan security level 0.

    Is it possible to make this work?

    Thank you

    John,

    This could be a solution.

    If they NAT their network to their Outside IP address this work, but a little bit different from a regular tunnel.

    If they NAT their 192.168.0.0/24 entiner network IP address outside the box of Juniper, then get implemented and they will be able to send traffic and access to your network without problem. However, you will be able to send traffic (start) on their side, because their internal network behind the external IP address. If such translation is called PAT.

    If you need full two-way communication through the tunnel you should ask them to translate their network in a one to one translation database so that they can get to you and you can view.

    The other solution is to translate their network into your ASA. You can do the following:

    192.168.200.0 static (outdoors, DMZ) 192.168.0.0 netmask 255.255.255.0

    With these lines in place, the configuration of the tunnel will remain the same, no change is required. But when you need to access their network you must point the traffic to the 192.168.200.0/24, not the original 192.168.0.0/24 address.

    So, in case you need to access their 192.168.0.10 your DMZ host, you should actually try to access the 192.168.200.10.

    Why don't you give it a shot and let me know the results?

  • Firefox open multiple tabs of the same site at the same time, why

    some site that I visit - when I try to use yahoo or facebook, messaging - multiple tabs of the same pop up and open and bring me to this last open tab - never let me finish what I'm doing. Why is this happening?

    I had this problem (when I opened Firefox, Facebook kept several tabs open, even when I was on other sites such as Google).

    After you restart Firefox with modules disabled (via the Help menu Firefox), I enabled first of all Plugins, then the Extensions, on-to-one.

    The problem is back only when I activated Facebook Toolbar 1.7.3 and disappeared when I disabled it again.

    This extension has been updated on 3 August 2011, which is probably when the problem started to appear (worse gradually). The extension tries to integrate some utilities of Facebook with the browser, but it's something that I can easily live. If you are having similar problems, try disabling Facebook Toolbar 1.7.3

  • How can I download the new update on my Macbook pro when the password is not working? When I connect to the Adobe site with the same user name and password it DOES not work. I don't understand why.

    So I have a macbook pro - and she advised me that I had to update my Adobe flash player. So I go through all the steps and I'm stuck at the last stage, where he asks me my user name and password. I go in there correctly - several times and it does NOT connect. He shakes to show that there's an error. Double check my file AND I go to the Adobe site to connect with the same information. and it works very well.

    WHAT IS THE PROBLEM? Help please.

    Could you please try ComputerName administrator as username and the password as password.

    I hope this works.

    Concerning

    Hervé Khare

  • How to display two open sites at the same time on the screen instead of switch between tabs?

    I need to open two different sites using Firefox. They appear as tabs, but I can only show a tab at a time and have continually switch back. I need to have two separate sites open and displayed simultaneously on the screen. Is there a way to do this or an add-on that will support multiple windows open on the screen?

    You can open all pages in separate windows and resize and position windows horizontally or vertically to the two visible at the same time.

    Note that you can drag a tab slightly downwards in the navigation window to tear off the tab, or use the context menu of the tab (transition to the new window).

  • How can I view 2 sites at the same time (using the ms ms ctrl button to split the screen)

    I can't open a second secession of ff if I can use the split screen feature offered by windows. I want to see 2 things at the same time I cannot compare etc.

    Try this: https://addons.mozilla.org/en-US/firefox/addon/fox-splitter/?src=ss

    Alternatively, open a second window of Firefox (Firefox button > new tab > new window or Ctrl + N), the second loading site, resize the windows side by side.

    If this answer solved your problem, please click 'Solved It' next to this response when connected to the forum.

    Not related to your question, but...

    You may need to update some plug-ins. Check your plug-ins and update if necessary:

  • How to implement multi-site with the same URL field in the ATG

    Hi guys,.

    I have a multisite transposition obligation with the same url domain but ATG does not support same domain URL for multisite. Can someone please help me with this problem?

    David.De - Oracle

    Thank you

    Vivek

    As I said use custom filters to read the parameter when the user clicks on the link for the site of CA and set the site context.

    You can store a cookie that determines the site for subsequent applications.

    Peace

    Shaik

  • Delete the old site, keep the same url of the new site.

    I am new to Adobe Muse, and when I'm confused, I'm HEAVILY confused.

    Been looking for this topic but could not find a clear answer.

    I gave my business site a complete overhaul, so I have two projects on Muse. However, I would like to delete the old site and download the new site. Is there a way to keep the same URL?

    Thank you!

    Use the credentials of your first site when downloading a new. When you upload your site, click "Switch account" top-right in the window "Upload to FTP Host.

  • How can I get rid of this by-side split screen, where it displays two sites at the same time, covering the major part of one of them to the top?

    Right now, I look at my screen and this mozilla site occupies the right hand of 75% of the screen. On the left hand 25% of my screen, I see a part of the site of scholarship that I want to see and I can't close the window on the right side of the screen without stopping completely from Mozilla. I know this has something to do with the settings, because it happened when I was messing around with the settings but I can't reverse the trend of tha. Thank you!!!

    Opening in the sidebar is the default value for the bookmarks created via a link or a button on a Web site.
    You can view the properties of a bookmark using the context menu in the side bar (Ctrl + B; Command + B on Mac).
    In the Bookmark Manager (Bookmarks > show all bookmarks) you can click on the button more in the lower details pane on the right.
    Make sure "Load this bookmark in the sidebar" is not selected.

  • Several VPN site to Site

    Hello. I have a central router and 52 customer routers and I want these clients to connect to the central router with VPN. Advice or how the configuration on the clients and the server? Thanks in advance for any help.

    If you want to use SDM

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_white_paper0900aecd801af458.shtml

    If you use CLI

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_white_paper09186a008018983e.shtml

Maybe you are looking for