vpn newbie question

Unanswered Question
Mar 21st, 2007

I need to setup a vpn to a ASA5520 at site1 from an Tasman 1004 edge router at site2. The edge router already servers as the internet gateway and all the NATs are setup on it. Can the edge router be used to make the vpn tunnel without disrupting other traffic or would we need a dedicated VPN router to connect to the ASA5520.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kaachary Wed, 03/21/2007 - 13:18

Yes, you can have eedge router configured as VPN router if it supports VPN config.


Regarding NAT, you have to exmpt the VPN traffic from NAT on that router.


-Kanishka

john64079 Wed, 03/21/2007 - 13:47

Thank you for the fast response.


So i would have to create a new wan bundle for the VPN and link it to the T1s so it wouldn't interfere with the original bundle?



We have multiple IPs, so if the original bundle is configured with IP 65.11.11.11/30, i'd like to use an available IP like 65.11.11.12 for the VPN bundle.


kaachary Wed, 03/21/2007 - 15:54

Yes, you can have an interface with a routable public ip address, and apply the crypto map to it.


If the defaul gateway is pointing to the other WAN interface, you can put specific routes for the remote subnet pointing to the this VPN interface.


ip route


Hope this helps.


-Kanishka

john64079 Thu, 03/22/2007 - 05:29

I can't link either of the two T1s to the new bundle because they are linked to the original one. Unlinking a T1 just for a VPN is probably not an option. So I'll have to figure out how to configure it in the existing bundle and keep the vpn traffic exempt like you said above.

Actions

This Discussion