IPSec VPN Proxy ID setup with multiple encryption domains on a policy based VPN peer

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

IPSec VPN Proxy ID setup with multiple encryption domains on a policy based VPN peer

L0 Member

I need to establish VPNs from a PA5050 to Cisco devices where there are multiple encryption domains at the Cisco end.

I understand using one proxy id on the PAN to match one encryption domain on the Cisco, i.e. connecting route based to policy based VPN devices.

My question is how to set up multiple Proxy IDs from a PAN device to match multiple encryption domains on a Cisco VPN peer.

Do you set up multiple IPSec tunnels on the PAN device, each with one proxy ID using the same tunnel interface and route the remote Proxy ID IP blocks to the tunnel?

To set up this environment on Netscreen Screen OS devices, NHTB is used to bind multiple Proxy IDs to a tunnel. Is there any similar concept for PAN devices?

Thanks for any insight.

1 accepted solution

Accepted Solutions

L5 Sessionator

You can add multiple proxy ids to the same tunnel instead of creating multiple tunnels. Please note that pre-5.0 only 10 proxy ids are supported per tunnel.

proxy.JPG

View solution in original post

2 REPLIES 2

L5 Sessionator

You can add multiple proxy ids to the same tunnel instead of creating multiple tunnels. Please note that pre-5.0 only 10 proxy ids are supported per tunnel.

proxy.JPG

L5 Sessionator

Each tunnel can have up to 10 proxy IDs. If you need more proxy IDs to the remote location you can configure a second tunnel to the VPN peer for the other proxy IDs.


Refer:



-Ameya


  • 1 accepted solution
  • 8266 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!