VPN tunnels on multiple interfaces on ASA

Unanswered Question
Mar 3rd, 2009

Hi All,

I have an ASA 5510 that uses the OUTSIDE interface for Internet access and it uses a separate interface called VPN to accept VPN connections. This is working fine because the ASA has a default gateway pointing to the OUTSIDE interface and static routes pointing to all the Site-to-Site tunnels through the VPN interface.

Now, the problem is that I need to allow remote access VPN connections to the ASA.

I cannot connect with a VPN client to the ASA without knowing before-hand the public IP address where the client is coming from because there's no route through the VPN interface to that client. If I configure a static route through the VPN interface for the VPN client, then it works. Obviously this is not the solution I need, because most of the clients come from unknown addresses.

My question is:

Can I configure a different crypto map on the interface OUTSIDE to allow remote VPN clients and still allow all the Site-to-Site tunnels terminate on the VPN interface?

Is this clear?

Please let me know, thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion