How Do I Create a VPN to More Than One Site?

You can use Cisco SDM to create multiple VPN tunnels on one interface on your router. Each VPN tunnel will connect the selected interface on your router to a different subnet at the destination router. You can configure multiple VPN tunnels to connect to the same interface but to different subnets on the destination router, or you can configure multiple VPN tunnels that will connect to different interfaces on the destination router.

First, you must create the initial VPN tunnel. The steps below describe how to create the initial VPN tunnel. If you have already created your first VPN tunnel and need to add an additional tunnel to the same interface, skip the first procedure and perform the steps in the next procedure in this help topic.
Create the initial VPN tunnel:

1. From the left frame, select VPN.
2. Select Create a Site-to-Site VPN .
3. Click Launch the Selected Task.

The VPN Wizard starts.

1. Click Quick Setup.
2. Click Next>.
3. From the Select the Router Interface for this VPN Connection field, choose the interface on the source router on which to create the VPN tunnel. This is the interface connected to the Internet on the Local system in the Use Case Scenario diagram.
4. In the Peer Identity field, enter the IP address of the destination router interface.
5. In the Authentication fields, enter and reenter the pre-shared key that the two VPN peers will use.
6. In the Source field, select the interface that connects to the subnet whose IP traffic you want to protect. This is the Local router in the Use Case Scenario diagram, and is usually an interface connected to the LAN.
7. In the Destination fields, enter the IP address and subnet mask of the destination router.
8. Click Next>.
9. Click Finish.

Create an Additional Tunnel from the Same Source Interface

After you have created the initial VPN tunnel, follow these steps to create an additional tunnel from the same source interface to a different destination interface or destination subnet:

1. From the left frame, select VPN.
2. Select Create a Site-to-Site VPN.
3. Click Launch the Selected Task.

The VPN Wizard starts.

1. Click Quick Setup.
2. Click Next>.
3. From the Select the Router Interface for this VPN Connection field, choose the same interface that you used to create the initial VPN connection.
4. In the Peer Identity field, enter the IP address of the destination router interface. You can enter the same IP address that you entered when you created the initial VPN connection. This indicates that this second VPN connection should use the same interface on the destination router as the initial VPN connection. If you do not want both VPN connections to connect to the same destination interface, enter the IP address of a different interface on the destination router.
5. In the Authentication fields, enter and reenter the pre-shared key that the two VPN peers will use.
6. In the Source field, select the same interface used to create the initial VPN connection.
7. In the Destination fields, you have the following options:
8. If, in the Peer Identity field, you entered the IP address of a different interface on the destination router and want to protect the IP traffic coming from a specific subnet, enter the IP address and subnet mask of that subnet in the appropriate fields.
9. If you entered the same IP address in the Peer Identity field as you used for the initial VPN connection, indicating that this VPN tunnel will use the same router interface as the initial VPN tunnel, then enter the IP address and subnet mask of the new subnet that you want to protect in the appropriate fields.
10. Click Next>.
11. Click Finish.