ASA: 2 outside intfc (2 isp): 1 for inbound VPN clients only?


I have a 5520 which is currently used only for terminating inbound Cisco VPN IPSEC clients.

We're in the process of bringing in another Internet connection from a different ISP which would be used for generic web-surfing from within the network (no inbound connections planned for this link).

Would it be possible to terminate this new ISP connection on a separate port on this ASA and make it the default connection?  Will the ASA negotiate and route a VPN connection out the interface on which it was received by default?   I've read quite a few past messages regarding dual ISP issues and work-arounds but was hoping the VPN-exclusive nature of the one interface would simplify matters in my case.

Thanks for any advice!


Jitendriya Athavale (Cisco Employee) Tue, 08/17/2010 - 18:14

So if I understand correctly, you want 1 interface as the default route for normal Internet traffic and want to use another interface exclusively for VPN clients.

So all you need to do is put the VPN config on that interface and point your client to that interface IP, but just make sure that reverse-route is enabled.

