Anyone know if it is possible to support both site-to-site vpn and remote access vpn on the same ASA off the same interface? It doesn't look like it is possible due to the limitation of one dynamic crypto map per interface? Is that right or am I missing something?

Spec: ASA 5510 Version 8.0(4)

_________________
"It can also be argued that DNA is nothing more than a program designed to preserve itself. Life has become more complex in the overwhelming sea of information. And life, when organized into species, relies upon genes to be its memory system."

You're missing something.

First of all, dynamic crypto maps are usually associated with RA VPNs whereas normal crypto maps are associated with site-to-sites. That's not to say you can't have it the other way around, it just depends on the source of the connection.

At any rate, you can only have one crypto map applied to an interface at a time, but the crypto map supports many policy numbers. You can specify a different site-to-site with each policy number:



And so on. In addition, a dynamic entry for a crypto map is usually placed as the last policy number (65535) and supports multiple dynamic clients.

_________________
Reasonably un-nerdy blog:
americanwerewolfinbelgrade.wordpress.com/