Multiple remote subnets for IPSec VPN


#1

May I know how to add multiple remote subnets in IPSec configuration?

Thanks,
Thurein Aung


#2

If you use "classical" IPsec with Phase 1 / Phase 2, you have to create one Phase 2, i.e. one "tunnel x", per remote subnet.

Ex :
peer 111.75.132.21 {
    authentication {
        mode pre-shared-secret
        pre-shared-secret ******************
    }
    connection-type initiate
    default-esp-group esp-group-1
    ike-group ike-group-1
    local-address 11.22.33.195
    tunnel 1 {
        local {
            prefix 192.168.1.0/24
        }
        remote {
            prefix 172.16.1.0/24
        }
    }
    tunnel 2 {
        local {
            prefix 192.168.1.0/24
        }
        remote {
            prefix 172.16.2.0/24
        }
    }
}

In this config both tunnel 1 & 2 have the same local prefix but different remote prefixes.

If you use VTI then it's classical routing and you create routes to direct traffic through the tunnel.
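As an added example (not from the poster above), the following Python script generates one Phase 2 "tunnel N" block per remote subnet, all sharing the same local prefix, as VyOS/EdgeOS-style `set` commands (the command syntax is assumed to match the config shown), and first checks that no two remote prefixes overlap each other or the local prefix, since overlapping selectors give the IKE daemon ambiguous Phase 2 matches.

```python
import ipaddress
from typing import List

# Constructed sample values, matching the thread's example addresses.
PEER = "111.75.132.21"
LOCAL_PREFIX = "192.168.1.0/24"
# Constructed remote list; the third entry deliberately overlaps the second.
REMOTE_PREFIXES = ["172.16.1.0/24", "172.16.2.0/24", "172.16.2.128/25"]


def check_selectors(local: str, remotes: List[str]) -> List[str]:
    """Return a list of problems found in the selector set.

    Every remote prefix becomes its own Phase 2 selector, so overlapping or
    duplicate remote prefixes make selector matching ambiguous, and a remote
    prefix that overlaps the local prefix would pull local traffic into the
    tunnel. strict=True rejects prefixes with host bits set (e.g. x.y.z.1/24).
    """
    problems: List[str] = []
    local_net = ipaddress.ip_network(local, strict=True)
    nets = [ipaddress.ip_network(r, strict=True) for r in remotes]
    for i, a in enumerate(nets):
        if a.overlaps(local_net):
            problems.append(f"{a} overlaps local prefix {local_net}")
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def tunnel_commands(peer: str, local: str, remotes: List[str]) -> List[str]:
    """Emit one 'tunnel N' (Phase 2) per remote prefix, same local prefix.

    Assumed VyOS/EdgeOS 'set vpn ipsec site-to-site peer ...' syntax.
    """
    cmds: List[str] = []
    for n, remote in enumerate(remotes, start=1):
        base = f"set vpn ipsec site-to-site peer {peer} tunnel {n}"
        cmds.append(f"{base} local prefix {local}")
        cmds.append(f"{base} remote prefix {remote}")
    return cmds


if __name__ == "__main__":
    for problem in check_selectors(LOCAL_PREFIX, REMOTE_PREFIXES):
        print("WARNING:", problem)
    # Only the non-overlapping remotes are turned into tunnel blocks.
    for cmd in tunnel_commands(PEER, LOCAL_PREFIX, REMOTE_PREFIXES[:2]):
        print(cmd)
```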