Screen OS

Using a SSG520 ver 6.2.0r6.0. Can't upgrade to 6.3 as the firewall is a production device and we do not have plan maintenance window in the near future.

I need to create multiple "proxy ids" between two locations. There is an existing tunnel with one proxy id.

I have been told you can create multiple sa's or vpns and bind them to one tunnel.

The current vpn is:

set vpn "spectrumK12" gateway "gw_spectrumK12" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha"
set vpn "spectrumK12" id 0x27 bind interface tunnel.8

set vpn "spectrumK12" proxy-id local-ip 172.20.1.0/24 remote-ip 172.16.6.0/24 "ANY"

I'm wondering if I can create a second using:

set vpn "spectrumK12_2" gateway "gw_spectrumK12" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha"
set vpn "spectrumK12_2" bind interface tunnel.8
set vpn "spectrumK12_2" proxy-id local-ip 172.20.2.0/24 remote-ip 172.16.6.0/24 "ANY"

The remote gateway is a cisco ASA which should be able to mirror this config.

Is this possible or is there another way to accomplish the same thing?

Thnak you in advance,

Brent

You cant configure two Phase 1's for same gateway. rather for your requirement you can configure two phase 2 for same phase 1

set vpn "spectrumK12" id 0x27 bind interface tunnel.8

set vpn "spectrumK12" proxy-id local-ip 172.20.2.0/24 remote-ip 172.16.6.0/24 "ANY"

Regards

Sarab

=================================================================

Pls click the button "Accept as Solution" if my post helped to solve your problem