ASA terminate LAN2LAN VPNs on unique addresses

Unanswered Question
Feb 20th, 2009

I currently have an ASA5550 terminating 10 LAN2LAN tunnels on one public IP address on the outside interface. Is it possible to terminate each LAN2LAN tunnel with a unique local address? This way if a tunnel needed to be moved to a new ASA the remote LAN2LAN peer would not need to be reconfigured.

Ivan Martinon Thu, 02/26/2009 - 08:40

Unless you terminate them on a different interface and configure the routing accordingly, your answer would be no.

jjaques Mon, 03/02/2009 - 00:51

Hello, thanks for your feedback. I have interfaces that I can use on the ASA. My question is: can I configure the additional Gig interfaces as outside interfaces and place them in the SAME subnet/VLAN as the current outside interface (bridge them together)? I think I have read that the interfaces must EACH be in a separate VLAN and subnet. Thanks.

mkkeyan Mon, 03/02/2009 - 03:27

Same subnet is not possible; the only option you can use is static NAT, permitting IPsec ports.

jjaques Mon, 03/02/2009 - 04:07

Hi mkkeyan,

Can you explain that configuration in a bit more detail? I understand static NAT and can permit ESP and IKE, but what am I NATing?

