01-16-2014 06:52 AM
I need to terminate a Site to Site VPN tunnel to another Public IP that is not the outside interface of my ASA, how can I achieve this?
01-16-2014 07:03 AM
Hi,
ASA can only use the IP address configured directly on its interface for a VPN connection.
You could naturally configure a new public subnet on another (new) ASA interface and use the "route" command to both route the remote peer IP and remote network through that interface. That way you would have 2 external interfaces with the IP addresses for VPN use and the new interface wouldn't interfere with the original external interface that holds the default route.
There are many factors that determine if this would be easy to implement. Mostly your ISP and their equipment in front of your ASA.
- Jouni
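A sketch of the second-interface approach described in the reply above, as an added example that is not part of the original thread. It assumes ASA 8.4+ IKEv1 syntax, an existing IKEv1 policy and an existing `inside` interface; the interface name `outside2`, object and map names, and all addresses (RFC 5737 / RFC 1918 ranges) are constructed placeholders.

```cisco
! Added example: second public interface dedicated to one site-to-site peer.
! All names and addresses below are constructed placeholders.
interface GigabitEthernet0/2
 nameif outside2
 security-level 0
 ip address 203.0.113.2 255.255.255.248
 no shutdown
!
! Route only the remote peer and the remote LAN through the new interface,
! so the default route on the original outside interface is untouched.
route outside2 198.51.100.10 255.255.255.255 203.0.113.1
route outside2 10.20.0.0 255.255.255.0 203.0.113.1
!
object network LOCAL-LAN
 subnet 10.10.0.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.20.0.0 255.255.255.0
!
! Interesting traffic for the tunnel, kept as narrow as the two LANs.
access-list VPN2-TRAFFIC extended permit ip object LOCAL-LAN object REMOTE-LAN
!
! NAT exemption so tunnel traffic is not translated on the new interface.
nat (inside,outside2) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
!
! The tunnel terminates on the IP of outside2, so IKE and the crypto map
! are bound to that interface rather than to the original outside.
crypto ikev1 enable outside2
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map VPN2-MAP 10 match address VPN2-TRAFFIC
crypto map VPN2-MAP 10 set peer 198.51.100.10
crypto map VPN2-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map VPN2-MAP interface outside2
!
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <PRE-SHARED-KEY>
```

After applying, `show crypto isakmp sa` and `show crypto ipsec sa peer 198.51.100.10` confirm that the tunnel negotiates on the new interface address.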
01-16-2014 07:12 AM
I have control of the router between my firewall and the ISP ethernet handoff device.
01-16-2014 09:26 AM
Hi,
I guess there are a couple of options when physically connecting the ASA and Router.
I am not sure if you have a router with a public subnet link network both towards the ISP and your ASA, or just a public subnet towards the ISP and a private network between the Router and ASA while the Router is doing NAT for the ASA.
- Jouni
01-16-2014 07:17 AM
If the ASA is one of the peers then you must bind the site-site VPN to its interface.