08-17-2010 10:10 AM - edited 03-11-2019 11:26 AM
I have a 5520 which is currently used only for terminating inbound Cisco VPN IPSEC clients.
We're in the process of bringing in another Internet connection from a different ISP which would be used for generic web-surfing from within the network (no inbound connections planned for this link).
Would it be possible to terminate this new ISP connection on a separate port on this ASA and make it the default connection? Will the ASA negotiate and route a VPN connection out the interface on which it was received by default? I've read quite a few past messages regarding dual ISP issues and work-arounds but was hoping the VPN-exclusive nature of the one interface would simplify matters in my case.
Thanks for any advice!
Craig
08-17-2010 06:14 PM
So if I understand correctly, you want 1 interface as the default route for normal Internet traffic and want to use another interface exclusively for VPN clients.
So all you need to do is put the VPN config on that interface and point your client to that interface IP, but just make sure that reverse-route is enabled.
08-17-2010 06:28 PM
Thanks! I haven't used the reverse-route command before but will read the documentation and configure as you suggest.
Regards,
Craig