Knowledgebase: VPN and Remote Access
How to set up Multiple IPSEC SA's between the same two hosts when NOT SUPPORTED???
Posted by on 24 January 2012 09:22 AM


Scenario:

Have problems establishing two IPSEC SA's between the same two hosts using different subnets when using 2600 series routers.

 

Solution:

Vigor2600 is an old model which does not support Multiple SA feature.

To support multiple VPN networks between two Vigor routers, you do not need  to use multi-SA features. Instead you may use the More function to add static routes, which is in the lan2lan profile

 

The following example shows how to use the More function:
-------------
Suppose you have the following topology.
192.168.1.0/24---vigor2910----VPN----vigor2600---172.17.1.0/24
| |
192.168.5.0/24--| |--172.17.5.0/24

You have the following setup:
In 2910's lan2lan profile:
Remote Subnet: 172.17.1.0/255.255.255.0
More window: 172.17.5.0/24

In 2600's lan2lan profile:
Remote subnet: 192.168.1.0/255.255.255.0 More window: 192.168.5.0/24

 

 

 

 

 




 

(0 vote(s))
Helpful
Not helpful

Comments (0)