Can multiple VPN tunnels use the same gateway?

  • Noob question warning!

    If I have 4 sites to tunnel between, can I use a single gateway and have each tunnel from a site use it, or do I have to create a separate gateway for each tunnel? Make sense? This is regarding policy-based VPN between sites with static public IPs.

    Thanks in advance.

  • I know you can do this with a route-based VPN but not sure about policy-based. The problem is how does the Netscreen know which SA goes where for traffic. With route-based you can configure NHTB table entries to take care of that and have 4 different sites share a single tunnel interface (hence a single gateway configuration).

    My question is why would you want to do this? Why not create 4 separate IKE gateways and have each site use its own gateway? This is far simpler to do, especially considering even in the smallest box, the 5GT, you can create up to 25 VPN tunnels. Is there a reason you want to do this using a single IKE gateway? If so, is there a reason you can’t use route-based VPNs?

  • Yes.

    You can have one physical interface but have multiple tunnels going out of it.