Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
263
Views
0
Helpful
2
Replies

VPN L2L connection using 2 different WAN interface on central ASA

cminard
Level 1
Level 1

‎04-23-2009 05:07 AM - edited ‎03-11-2019 08:22 AM

Hello everybody

I am new to ASA configuration and I need some advice.

I have an ASA IPSEC VPN Hub and Spoke configuration with fixed IP@ (outside) on the central ASA and dynamic IP@ on the spokes.

I have now a new ISP link connected to my central ASA (new interface let's say outside2) and I'd like to migrate some L2L VPN links to that new interface 'outside2', whereas some remain on the other interface 'outside'.

Is that possible ?

I can't understand what to do with the routes. The central ASA can only have one default route but how is it aware of the public IP@ of the spokes in order to establish the tunnel via outside or outside2 interface ?

Thanks for your help

Caroline

Labels:
0 Helpful
2 Replies 2

plumbis
Level 7
Level 7

‎04-24-2009 07:15 PM

I believe the only way to accomplish this would be with static routes to the remote sites pointing at your new outside2 interface. Then configure your tunnel normally with the remote site pointing to the outside2 IP as its remote peer.

0 Helpful

cminard
Level 1
Level 1
In response to plumbis

‎04-26-2009 11:49 PM

I was afraid of that answer ...

Since remote sites have dynamic IP @, I cannot know in advance which @ they will have so I cannot configure static routes to them ...

Is there no way to force the central ASA respond using interface outside2 when a VPN peer explicitely tries to establish a tunnel to that interface ?

Then, when the VPN tunnel is OK, the inside network @ of remote sites are automatically pushed in the local ASA routing table, isn't it ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card