
ASA: 2 outside intfc (2 isp): 1 for inbound VPN clients only?

craig
Level 1

I have a 5520 which is currently used only for terminating inbound Cisco VPN IPSEC clients.

We're in the process of bringing in another Internet connection from a different ISP which would be used for generic web-surfing from within the network (no inbound connections planned for this link).

Would it be possible to terminate this new ISP connection on a separate port on this ASA and make it the default connection? Will the ASA negotiate and route a VPN connection out the interface on which it was received by default? I've read quite a few past messages regarding dual ISP issues and work-arounds but was hoping the VPN-exclusive nature of the one interface would simplify matters in my case.

Thanks for any advice!

Craig

2 Replies

Jitendriya Athavale
Cisco Employee

So if I understand correctly, you want 1 interface as the default route for normal Internet traffic and want to use another interface exclusively for VPN clients.

So all you need to do is put the VPN config on that interface and point your client to that interface IP, but just make sure that reverse-route is enabled.

Thanks!  I haven't used the reverse-route command before but will read the documentation and configure as you suggest.

Regards,

Craig
