Multiple tunnels can be created for Umbrella SIG even from the same location.
For devices that support FQDN VPN ID:
Multiple tunnels can be created behind the same egress IP if "User FQDN" VPN ID is used to identify the tunnel.
- Configure the Network tunnels using the 'Other' profile in (Deployments > Network Tunnels) in Umbrella.
- This allows you to optional configure an FQDN to be used as the Tunnel ID, instead of IP address.
- Reconfigure your device to use the configured "User FQDN" peer ID. (eg. firstname.lastname@example.org)
The tunnels can optionally terminate at the same Umbrella DC. For instance, if the tunnel ID are email@example.com and firstname.lastname@example.org. They can terminate on the same head-end.
ASA 9.17 Firmware
The latest Cisco ASA version(s) include the ability to use "User FQDN" as the peer ID and therefore multiple tunnels can be created from the same location if desired.
crypto ipsec profile umbrella set ikev2 ipsec-proposal umbrella-ipsec-proposal set ikev2 local-identity email@example.com
The IP address is used as a unique VPN Peer ID for the tunnel. You must utilize different egress IPs for each tunnel. You can terminate both tunnels to the same Umbrella DC if desired.