
IPSec VPN with multiple subnets


I need some guidance on one of our IPSec tunnels. Right now it is up and running fine, but we need to add additional IP addresses on our internal net.

Current configuration:
Our internal= Their internal= /29

They have a single server at

I have a group created that we need to add to our internal. The group contains 9 static IP addresses for workstations that need to connect to The 9 IP nodes in the group contain two different subnets (10.193.28.x addresses and 10.64.24.x addresses)

Is there a way to do this without creating a second VPN tunnel? Do we need to have all those static IPs in the same subnet?


0 Kudos
2 Replies

Create a network group, for example "my-VPNdomain", add in this group all current and later created subnets.....which you are already doing....

Think in subnet terms and not in static IP terms...... the 2 subnets have to still be defined at the remote site too...

So the tunnel is negotiated in subnet terms....not single hosts, on both sides, local and remote.

Then use security policy access control to "allow" or "deny" specific hosts access with service and application.


Yes, you can still create the VPN tunnel in individual single hosts (inside the VPN Domain group)....

but you have to make sure every single host you add on your side HAS to be DEFINED and added on the remote side too....

VPN tunnel parameters have to match exactly on both sides.....

0 Kudos
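An added example, not part of the reply above and not Check Point tooling: a Python check that the networks defined for each end of the tunnel are identical on both gateways, and that every workstation falls inside the defined domain. The /24 masks, the documentation-range networks and the host addresses are constructed assumptions, since the thread does not give them.

```python
import ipaddress

def compare_encryption_domains(gw_a, gw_b):
    """Compare the VPN domains two gateways hold for the same tunnel.

    gw_a / gw_b: dicts with keys "site_a" and "site_b", each a list of
    CIDR strings as entered on that gateway. Returns a list of mismatch
    descriptions; an empty list means both sides define the same networks.
    """
    problems = []
    for site in ("site_a", "site_b"):
        on_a = {ipaddress.ip_network(n) for n in gw_a[site]}
        on_b = {ipaddress.ip_network(n) for n in gw_b[site]}
        for net in sorted(on_a - on_b, key=str):
            problems.append(f"{site}: {net} defined only on gateway A")
        for net in sorted(on_b - on_a, key=str):
            problems.append(f"{site}: {net} defined only on gateway B")
    return problems

def uncovered_hosts(hosts, domain):
    """Return the hosts that no network in the VPN domain contains."""
    nets = [ipaddress.ip_network(n) for n in domain]
    return [h for h in hosts
            if not any(ipaddress.ip_address(h) in n for n in nets)]

# Constructed sample data (assumed /24 masks, documentation ranges).
GW_A = {  # gateway A added both new subnets to its own domain
    "site_a": ["198.51.100.0/24", "10.193.28.0/24", "10.64.24.0/24"],
    "site_b": ["192.0.2.0/29"],
}
GW_B = {  # gateway B defined one subnet but a single host for the other
    "site_a": ["198.51.100.0/24", "10.193.28.0/24", "10.64.24.17/32"],
    "site_b": ["192.0.2.0/29"],
}
WORKSTATIONS = ["10.193.28.11", "10.64.24.17", "10.64.25.9"]

if __name__ == "__main__":
    for line in compare_encryption_domains(GW_A, GW_B):
        print("MISMATCH", line)
    for host in uncovered_hosts(WORKSTATIONS, GW_A["site_a"]):
        print("NOT IN VPN DOMAIN", host)
```

A subnet on one gateway and a /32 host on the other is reported as a mismatch even though the host lies inside the subnet, which is the "match exactly" condition the reply describes.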


I will recommend you follow the steps provided by Sal_Previtera and make use of the VPN admin guide if needed. Also, you cannot create two tunnels to the same remote peer.

0 Kudos

