IPSec VPN Proxy ID setup with multiple encryption domains on a policy based VPN peer

L0 Member

I need to establish VPNs from a PA5050 to Cisco devices where there are multiple encryption domains at the Cisco end.

I understand using one proxy id on the PAN to match one encryption domain on the Cisco, i.e. connecting route based to policy based VPN devices.

My question is how to set up multiple Proxy IDs from a PAN device to match multiple encryption domains on a Cisco VPN peer.

Do you set up multiple IPSec tunnels on the PAN device, each with one proxy ID using the same tunnel interface and route the remote Proxy ID IP blocks to the tunnel?

To set up this environment on Netscreen Screen OS devices, NHTB is used to bind multiple Proxy IDs to a tunnel. Is there any similar concept for PAN devices?

Thanks for any insight.


Accepted Solutions
L5 Sessionator

Re: IPSec VPN Proxy ID setup with multiple encryption domains on a policy based VPN peer

You can add multiple proxy ids to the same tunnel instead of creating multiple tunnels. Please note that pre-5.0 only 10 proxy ids are supported per tunnel.



All Replies
L5 Sessionator

Re: IPSec VPN Proxy ID setup with multiple encryption domains on a policy based VPN peer

Each tunnel can have up to 10 proxy IDs. If you need more proxy IDs to the remote location you can configure a second tunnel to the VPN peer for the other proxy IDs.


Refer:



-Ameya
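
As an added example (not part of the original thread and not Palo Alto or Cisco tooling): a small Python helper that reads the Cisco peer's crypto ACL, mirrors each entry into the local/remote proxy ID pair the PAN side must present, and splits the pairs into tunnels of at most 10 as described in the replies above. The ACL contents, the function names, and the assumption that the encryption domains are plain IOS-style `permit ip` entries are all illustrative.

```python
import ipaddress

MAX_PROXY_IDS_PER_TUNNEL = 10  # per-tunnel limit quoted in the replies above

# Constructed sample: crypto ACL on the Cisco peer (source = Cisco-side network).
SAMPLE_ACL = """\
access-list 110 permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.255.255
access-list 110 permit ip 192.168.20.0 0.0.0.255 10.20.0.0 0.0.255.255
access-list 110 permit ip host 192.168.30.5 10.20.0.0 0.0.255.255
"""

def _take_network(tokens):
    """Consume one ACL address spec (any | host A | A WILDCARD) from tokens."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    if wildcard & (wildcard + 1):
        # A single proxy ID is one prefix, so such an entry cannot be matched.
        raise ValueError(f"non-contiguous wildcard for {head}")
    # Host bits set in the address also raise ValueError (strict parsing).
    return ipaddress.ip_network(f"{head}/{32 - wildcard.bit_length()}")

def proxy_ids_from_crypto_acl(acl_text):
    """Return de-duplicated (local, remote) pairs as seen from the PAN side."""
    pairs = []
    for line in acl_text.splitlines():
        tokens = line.split()
        if "permit" not in tokens:
            continue  # deny/remark lines define no encryption domain
        rest = tokens[tokens.index("permit") + 1:]
        if not rest or rest.pop(0) != "ip":
            continue  # protocol/port-specific entries are out of scope here
        cisco_src, cisco_dst = _take_network(rest), _take_network(rest)
        pair = (str(cisco_dst), str(cisco_src))  # mirror: their dst is our local
        if pair not in pairs:
            pairs.append(pair)
    return pairs

def assign_to_tunnels(pairs, limit=MAX_PROXY_IDS_PER_TUNNEL):
    """Split the pairs into one group per tunnel, at most `limit` in each."""
    return [pairs[i:i + limit] for i in range(0, len(pairs), limit)]

if __name__ == "__main__":
    for n, group in enumerate(assign_to_tunnels(proxy_ids_from_crypto_acl(SAMPLE_ACL)), 1):
        for local, remote in group:
            print(f"tunnel {n}: local={local} remote={remote}")
```

Each pair must match the peer's entry exactly; a proxy ID that is merely a superset or subset of the Cisco ACL entry will not negotiate phase 2.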

