Scenario:

Problems establishing two IPSEC SA’s (Security Associations) between the same two hosts using different subnets when using 2600 series routers.

 

Solution:

Vigor2600 is an old model which does not support Multiple SA feature.

To support multiple VPN networks between two Vigor routers, you do not need to use multi-SA features. Instead you may use the ‘More’ function to add static routes, which is in the LAN to LAN profile

 

The following example shows how to use the More function:
————-
Suppose you have the following topology.
192.168.1.0/24—vigor2910—-VPN—-vigor2600—172.17.1.0/24
| |
192.168.5.0/24–| |–172.17.5.0/24

You have the following setup:
In 2910’s lan2lan profile:
Remote Subnet: 172.17.1.0/255.255.255.0
More window: 172.17.5.0/24

In 2600’s LAN to LAN profile:
Remote subnet: 192.168.1.0/255.255.255.0 More window: 192.168.5.0/24