I have an interesting situation where I need to create 2 separate tunnels (on a single ASA 5510) which will have the same remote subnet.
The reason behind this is that, at the remote side, the end user has 2 separate internet connections and has a separate firewall on each, with a different tunnel endpoint IP address.
So a current tunnel is already in place, but with the addition of the 2nd upstream at the remote site and 2nd firewall, is it possible to create a 2nd tunnel on the ASA on my side, but with the same remote subnet as the first tunnel?
My initial thought is that this will not work, because the ASA would not know which tunnel to use primarily, if the connections were being established from this end.
Would a dynamic setup be better? So that the end user would have to establish the VPN connection from his end, so it would not really matter which one of his internet providers he is currently using.
I guess if I were landing the tunnels on different firewalls on my end, then I could use RRI and change the route priorities, but that is not an option in this case.
Thanks for any thoughts / suggestions.
ASA1 >>> Remote Firewall1 >>> 10.10.3.0/24
ASA1 >>> Remote Firewall2 >>> 10.10.3.0/24