Using a ASA5520 with seperate ISP's for internet and vpn access

Unanswered Question
Jun 5th, 2008

Is it possible to use a pair of ASA 5520's in Active/Standby mode with a seperate ISP for internet access and VPN access? We want to seperate Internet and VPN traffic.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Farrukh Haroon Thu, 06/05/2008 - 08:57

What do you mean by 'VPN Traffic'? An MPLS-Based IP-VPN provided by a DSP? Or this is your WAN Intranet sort of link, on which VPNs will be terminated? Anyway both these cases are possible as long as you don't need a default route. Because the ASA cannot have two default routes pointing to two different interfaces. As you know Internet will (almost) always require the default route.



jidesai01 Thu, 06/05/2008 - 10:08

By VPN traffic, I mean that we will have to seperate connections to the internet by different ISP's. One connection will be used for access to the internet (web browsing) and the second for IPSEC and SSL VPN connections to different small offices. To make this work, would I configure two outside and two inside interfaces? Are there any docs I can look at? Thanks.


This Discussion