VPN peers : have multiple Phase 2 and one phase 1

isi
Conversationalist

VPN peers : have multiple Phase 2 and one phase 1

Hello,

 

Is it possible to have multiple phase 2 behind one phase 1 with non-meraki VPN ?

Well ... is it possible to have multiple phase2 with meraki-meraki peers ? (I do not have a second meraki MX to try this)

2 Replies 2
Nash
Kind of a big deal

When you say Meraki-Meraki, do you mean two MX within the same organization using AutoVPN, or do you mean as third party VPN peers?

 

If you mean third party VPN, then it doesn't matter what model is at the other end of your tunnel.

 

Event-log wise, I'm only seeing single phase 2 negotiations on the tunnels I'm reviewing. Not like an ASA where you get a child policy for every subnet.

 

What are you trying to do?

GIdenJoe
Kind of a big deal
Kind of a big deal

Yes to question one.

If you run the newer beta you'll even get better logging where the SA's will be mapped to the correct traffic selectors.

Question two well you can have multiple VLANs but it's not true IPsec so I don't think it actually works with phases and negotiations.  Everything is rather orchestrated with the cloud.

Get notified when there are additional replies to this discussion.