Hi All,
Is it possible to have multiple phase 2 tunnels running over the same phase 1? My case is that I have two firewalls with multiple VRs and I would like to create a route-based VPN between all the VRs. The two firewalls are connected to each other via one public IP on each side, so I would essentially have one phase 1 setup with multiple ST0 interfaces terminating in different VRs.
As you can see below, I tried to make one IKE gateway and then have two VPNs reference it. It seems to work for a few minutes, then only one of them remains up and the other goes down.
ike {
    policy ike-policy1 {
        mode main;
        proposal-set standard;
        pre-shared-key ascii-text "$9$BSg1hreK8db27-DkmPn6IEclWx"; ## SECRET-DATA
    }
    gateway ike-gate {
        ike-policy ike-policy1;
        address 5.5.5.2;
        external-interface fe-0/0/0;
    }
}
ipsec {
    traceoptions {
        flag security-associations;
    }
    policy vpn-policy1 {
        proposal-set standard;
    }
    vpn ike-vpn {
        bind-interface st0.0;
        ike {
            gateway ike-gate;
            ipsec-policy vpn-policy1;
        }
        establish-tunnels immediately;
    }
    vpn CustomerA {
        bind-interface st0.100;
        ike {
            gateway ike-gate;
            ipsec-policy vpn-policy1;
        }
        establish-tunnels immediately;
    }
}