08-17-2010 10:10 AM - edited 03-11-2019 11:26 AM
I have a 5520 which is currently used only for terminating inbound Cisco VPN IPSEC clients.
We're in the process of bringing in another Internet connection from a different ISP which would be used for generic web-surfing from within the network (no inbound connections planned for this link).
Would it be possible to terminate this new ISP connection on a separate port on this ASA and make it the default connection? Will the ASA negotiate and route a VPN connection out the interface on which it was received by default? I've read quite a few past messages regarding dual ISP issues and work-arounds but was hoping the VPN-exclusive nature of the one interface would simplify matters in my case.
Thanks for any advice!
Craig
08-17-2010 06:14 PM
So if I understand correctly, you want 1 interface as the default route for normal internet traffic and want to use another interface exclusively for VPN clients.
So all you need to do is put the VPN config on that interface and point your client to that interface IP, but just make sure that reverse-route is enabled.
08-17-2010 06:28 PM
Thanks! I haven't used the reverse-route command before but will read the documentation and configure as you suggest.
Regards,
Craig