We have a couple of 2811's with ASA5505 behind them at 2 diffrent locations. The ASAs have the basic license, not Security Plus. Currently we have a site to site VPN tunnel going from ASA1 to ASA2 through ISPs on the 2811s. This tunnel is using VLAN 1 and VLAN2 for a standard outside and inside interface configuration. Works fine. We are bringing in a second ISP and since the throughput on the ASAs for 3Des is 100Mbps we want to connect the second ISPs directly to the ASAs and take the 2811s out of the equation for the second ISPs since it is my understanding the ASA can do simple routing on its own now. The question is will we be able to get the traffic on the inside interface to be able to go across the second tunnel which will be terminated on a different (normally called the DMZ interface I guess) Interface and on VLAN 3? We would prefer not to have to upgrade to a Security Plus License. Please feel free to offere any changes that might be needed to make this work if it won't work as desired and stated above.
Thanks in advance! All replies rated