2 VPN interfaces on the same device

svanguilder · ‎10-10-2008

Hi all,

I have a bit of a dilemma. We have an ASA 5510 which we currently have some L2L and remote access VPN connections on.We brought in a higher speed line to terminate our VPN on and I need start moving VPN connections to the new interface. I overlooked one issue the default route, it won't follow the same interface it connects to back out. Can I have 2 default routes so that is sends out both interfaces? I know this is a stretch, but I am hoping someone has a solution for this.

singhsaju · ‎10-10-2008

Hi,

You can create specific routes for VPN peers (moved to new interface) pointing towards the new interface. Keep the default route as it is .

route VPN Peer ip 255.255.255.255 XXX.XXX.XXX.XXX 1

I do not think two default routes would work.

HTH

Saju

Pls rate helpful posts

svanguilder · ‎10-10-2008

I did that with a test connection and it did work. The L2L connections are the easy ones, it is the client based ones that are going to be an issue as there are a lot of them and trying to do a static route individually will be an monstrous task.

Anyone know much about policy based routing? Can I setup a routing policy that allows routing back out the originating interface? That would make life much easier.