03-01-2013 10:54 AM
I need to establish VPNs from a PA5050 to Cisco devices where there are multiple encryption domains at the Cisco end.
I understand using one proxy id on the PAN to match one encryption domain on the Cisco, i.e. connecting route based to policy based VPN devices.
My question is how to set up multiple Proxy IDs from a PAN device to match multiple encryption domains on a Cisco VPN peer.
Do you set up multiple IPSec tunnels on the PAN device, each with one proxy ID using the same tunnel interface and route the remote Proxy ID IP blocks to the tunnel?
To set up this environment on Netscreen Screen OS devices, NHTB is used to bind multiple Proxy IDs to a tunnel. Is there any similar concept for PAN devices?
Thanks for any insight.
03-01-2013 11:29 AM
You can add multiple proxy ids to the same tunnel instead of creating multiple tunnels. Please note that pre-5.0 only 10 proxy ids are supported per tunnel.
03-01-2013 11:29 AM
You can add multiple proxy ids to the same tunnel instead of creating multiple tunnels. Please note that pre-5.0 only 10 proxy ids are supported per tunnel.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
