Introduction
This document describes how to create multiple IPSEC tunnels for CDFW.
Create Tunnels
Multiple tunnels can be created for Umbrella SIG even from the same location.
Note: You cannot re-use the same Tunnel ID at any time. Each IPSEC connection must use a unique Tunnel ID. Duplicate Tunnel IDs can result in traffic failing to pass.
For devices that support FQDN VPN ID:
Multiple tunnels can be created behind the same egress IP if "User FQDN" VPN ID is used to identify the tunnel.
- Configure the network tunnels using the 'Other' profile under Deployments > Network Tunnels in Umbrella.
- This allows you to optionally configure an FQDN to be used as the Tunnel ID, instead of an IP address.
- Reconfigure your device to use the configured "User FQDN" peer ID (for example: site1@12345678-987654321-umbrella.com).
The tunnels can optionally terminate at the same Umbrella DC. For instance, if the tunnel IDs are site1@12345678-987654321-umbrella.com and site2@12345678-987654322-umbrella.com, they can terminate on the same head-end.
Here is an example of multiple connections from the same egress IP to the Miami Datacenter.
| Tunnel ID | SRC IP | DST IP | SRC PORT | DST PORT | Protocol |
|---|---|---|---|---|---|
| one@123-123-umbrella.com | | 146.112.84.8 | 4500 | 4500 | IPSEC |
| two@123-456-umbrella.com | | 146.112.84.8 | 4501 | 4500 | IPSEC |
| three@123-789-umbrella.com | | 146.112.84.8 | 4502 | 4500 | IPSEC |
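As an added example (not part of the original article and not Cisco tooling), the following Python check audits a planned tunnel list for the problem the note warns about, duplicate Tunnel IDs, and for two tunnels that share the same source and destination address and port. The egress IP 203.0.113.10, the fourth inventory row, the function names and the case-insensitive comparison are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed inventory: (tunnel_id, src_ip, src_port, dst_ip, dst_port).
# Tunnel IDs, ports and DST IP follow the article's table; the egress IP
# (RFC 5737 documentation range) and the fourth row are made up.
PLANNED = [
    ("one@123-123-umbrella.com", "203.0.113.10", 4500, "146.112.84.8", 4500),
    ("two@123-456-umbrella.com", "203.0.113.10", 4501, "146.112.84.8", 4500),
    ("three@123-789-umbrella.com", "203.0.113.10", 4502, "146.112.84.8", 4500),
    ("ONE@123-123-umbrella.com", "203.0.113.10", 4503, "146.112.84.8", 4500),
]


def is_user_fqdn(tunnel_id):
    """True when the ID has the user@fqdn shape used in the article."""
    local, sep, domain = tunnel_id.partition("@")
    if not (local and sep and "." in domain and "@" not in domain):
        return False
    return not any(ch.isspace() for ch in tunnel_id)


def audit(tunnels):
    """Return sorted (problem, detail) findings for a planned tunnel list."""
    findings = set()
    ids, flows = defaultdict(int), defaultdict(int)
    for tunnel_id, *flow in tunnels:
        tid = tunnel_id.strip()
        if not is_user_fqdn(tid):
            findings.add(("not-user-fqdn", tid))
        # Assumption: compare case-insensitively so "ONE@" and "one@" are
        # flagged before deployment rather than discovered as an outage.
        ids[tid.lower()] += 1
        flows[tuple(flow)] += 1
    findings.update(("duplicate-tunnel-id", t) for t, n in ids.items() if n > 1)
    findings.update(("duplicate-flow", f) for f, n in flows.items() if n > 1)
    return sorted(findings, key=str)


if __name__ == "__main__":
    for problem, detail in audit(PLANNED):
        print(f"{problem}: {detail}")
```

Running the audit over the device inventory before pushing configuration catches a reused Tunnel ID while it is still a planning error.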