Ipsec identifier (sorry for stupid question)



  • sorry for stupid question.
    for ipsec tunnel "My identifier" -> "My IP address" could be used for more than one tunnel? with the same identifier.
    both tunnels are to different cisco routers

    k



  • @kristaps.kr:

    sorry for stupid question.
    for ipsec tunnel "My identifier" -> "My IP address" could be used for more than one tunnel? with the same identifier.
    both tunnels are to different cisco routers

    k

    sorry for asking once more. But can someone give straight answer. yes or no?
    for several tunnels for all of them one identifier "My IP address". will it work and is it posible?

    brgds
    kristaps



  • If you're using a static IP, yes, you can leave "My IP address" as the identifier for multiple VPN connections.

    If you're using a dynamic address that registers via Dynamic DNS so it's resolvable, you can also use "My IP address" there- you just need to refer to it by name rather than IP address on the other side of the VPN in the "Remote Gateway" field.

    If you're using neither a static IP nor a dynamic with DDNS, you're going to have to enter something here to make it uniquely identifiable to the other end of the tunnel so you can create a connection. Use the drop-down box to select something other than your IP address and fill in whatever you want.



  • thnx for explanation. maybe one more question.
    If i have two tunnels on pfsense, how pfsense will know which is which tunnel?

    How it will know the right one tunnel if the identifiers are the same. there are only differences in subnets, remote gw, key and timing for phases.

    brgds
    k



  • IPSec keeps all of that straight. You could have ten or twenty different tunnels with as many subnets terminating at the same IP address.

    You may be used to setting up services that use a single listening port at a remote host, and once that port is connected it can't be used for any other connections. IPSec doesn't work that way, fortunately.


Locked