Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 19340 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Multiple Site to Site IPSEC tunnels

mkleine
Greetings,

I'm working to get multiple s2s IPSEC tunnels set up, and I'm running into some concept issues of how these operate in ASG.

I'm able to bring up a tunnel with passwords, RSA keys, and Local/Remote keys on the external IP address, but when I try to expand each of those I run into trouble.

For example, the tunnel will work on the external IP address, but I can't get it working on any of the 'additional addresses' for that interface. Do I need to make individual sub-interfaces for each external IP address? Will multiple tunnels work on the same address/interface?

For example, if I use a preshared key, it seems that I must use the same preshared key on ALL IPSEC connections. Remote access and s2s preshared keys must match.

For example, if I use an RSA key, it seems like I can only have one RSA key combination among the various tunnels.

Am I missing something?

Thanks, 

Mark


This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to BAlfson
    OK, Bob, I'm OK with Certs, but, how to handle multiples.

    I'm running certs on a tunnel using the external address of the external interface, and it's working well.

    To set up multiples, can I use the same IP 'gateway' address with multiple IPSEC tunnels?

    I've tried to change the IP address to one of the 'additional addresses' on the same interface, and those don't 'answer', or connect. (Live log shows the external address keys loading up.)

    Thanks, Mark
Children
No Data