ASA - 2 IPSec L2L Tunnels, Same Remote Subnet

Unanswered Question
Jan 14th, 2010

Hello,

I have an interesting situation where I need to create 2 separate tunnels (on a single ASA 5510) which will have the same remote subnet.

Reason behind this is, at the remote side, the end user has 2 separate internet connections, and has a separate firewall on each, with a different tunnel endpoint IP address.

So a current tunnel is already in place, but with the addition of the 2nd upstream at the remote site and 2nd firewall, is it possible to create a 2nd tunnel on the ASA on my side, but with the same remote subnet as the first tunnel?

My initial thought is that this will not work, because the ASA would not know which tunnel to use primarily, if the connections were being established from this end.

Would a dynamic setup be better?  So that the end user would have to establish the VPN connection from his end, so it would not really matter which one of his internet providers he is currently using.

I guess if I were landing the tunnels on different firewalls on my end, then I could use RRI and change the route priorities, but that is not an option in this case.

Thanks for any thoughts / suggestions.

ASA1 >>> Remote Firewall1 >>> 10.10.3.0/24

ASA1 >>> Remote Firewall2 >>> 10.10.3.0/24
