2nd Internet Link for VPN

Unanswered Question
Feb 23rd, 2010

I have an ASA 5510 firewall. Currently I have a 2 Mbps Internet link. Everything is working fine, but users at one of the branches where we have a site-to-site connection are complaining about slowness. So we have decided to arrange one more Internet link, which we will use only for that branch's site-to-site VPN connectivity.

I want to configure my firewall in such a way that when subnet

Head office subnet:

Branch office :

wants to reach each other, their VPN traffic should go to the second 1 Mbps link. I don't want to have any load balancing or any failover.

I just want to configure the firewall for site-to-site VPN in a way that when subnet ( wants to reach a particular destination ( it should go to the second Internet link, and other traffic for remote access VPN and other site-to-site tunnels should use the 2 Mbps link.

Please help me out, this is very urgent.

KARUPPUCHAMY MA... Tue, 02/23/2010 - 01:21


As per your post, you are going to terminate a second Internet link on the firewall for your VPN connectivity. In this scenario, remove all your existing VPN-related configuration on the primary Internet link interface and configure your secondary link as the VPN-enabled interface.

Make the ACL for interesting traffic and configure all the phase-1 and phase-2 VPN config.

So the interesting traffic which we have configured in the firewall will go via the VPN connectivity; all the rest of the traffic will take the normal routing, i.e. your primary link.



wasiimcisco Tue, 02/23/2010 - 04:49

Thanks for the reply,

I have one firewall which I am only using for VPN connectivity, both LAN-to-LAN and remote access VPN. Currently everything is working fine, but due to some bandwidth limitation I want to terminate a second Internet line on the firewall (Ethernet 3), which I will also use for the VPN connectivity with one of my branches.

Now I wanted to know how to configure the firewall in a way that all VPN connections go to one Internet link and only one branch ( will use the secondary Internet link.

How do I route the traffic for VPN towards the second Internet link while at the same time the other VPN tunnels use the primary Internet link?
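An added example, not part of any post in this thread and not Cisco's own configuration: a sketch of the interesting-traffic ACL and phase-1/phase-2 settings from the reply, bound to a second outside interface, with host and subnet routes so that only the one branch tunnel leaves by that link. It assumes pre-8.3 ASA syntax; the interface name `outside2`, the ACL, transform-set and crypto map names, and every address (documentation ranges standing in for the subnets and peer the thread does not give) are placeholders.

```cisco
! Added example. All names and addresses below are placeholders.
! Second ISP link on Ethernet0/3 (next hop assumed to be 198.51.100.1)
interface Ethernet0/3
 nameif outside2
 security-level 0
 ip address 198.51.100.2 255.255.255.252
!
! Interesting traffic: head office subnet -> branch subnet only
access-list BRANCH_VPN extended permit ip 192.0.2.0 255.255.255.128 192.0.2.128 255.255.255.128
!
! The ASA routes by destination, so send the branch peer and the branch
! subnet out of outside2. The existing default route on the primary link
! is untouched, so remote access VPN and the other tunnels stay there.
route outside2 203.0.113.10 255.255.255.255 198.51.100.1
route outside2 192.0.2.128 255.255.255.128 198.51.100.1
!
! Phase 1 (ISAKMP) enabled on the second interface
crypto isakmp enable outside2
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
!
! Phase 2 (IPsec) in a separate crypto map applied to outside2 only;
! the crypto map already applied to the primary interface is left as is,
! apart from removing this branch's old entry from it.
crypto ipsec transform-set BRANCH_TS esp-aes-256 esp-sha-hmac
crypto map OUTSIDE2_MAP 10 match address BRANCH_VPN
crypto map OUTSIDE2_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE2_MAP 10 set transform-set BRANCH_TS
crypto map OUTSIDE2_MAP interface outside2
!
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key REPLACE_WITH_SHARED_SECRET
!
! The existing NAT exemption for head office -> branch traffic must
! still match, and the branch device must point its peer address at
! 198.51.100.2 instead of the primary link's address.
```

After applying, `show route` should list both `outside2` routes, and `show crypto isakmp sa` should show the branch peer negotiating on the second link while the other peers remain on the primary interface.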

