Cisco Support Community

New Member

ASA: 2 outside intfc (2 isp): 1 for inbound VPN clients only?

I have a 5520 which is currently used only for terminating inbound Cisco VPN IPSEC clients.

We're in the process of bringing in another Internet connection from a different ISP which would be used for generic web-surfing from within the network (no inbound connections planned for this link).

Would it be possible to terminate this new ISP connection on a separate port on this ASA and make it the default connection?  Will the ASA negotiate and route a VPN connection out the interface on which it was received by default?   I've read quite a few past messages regarding dual ISP issues and work-arounds but was hoping the VPN-exclusive nature of the one interface would simplify matters in my case.

Thanks for any advice!

Craig

2 REPLIES
Cisco Employee

Re: ASA: 2 outside intfc (2 isp): 1 for inbound VPN clients only

So if I understand correctly, you want 1 interface as the default route for normal internet traffic and want to use another interface exclusively for VPN clients.

So all you need to do is put the VPN config on that interface and point your client to that interface IP, but just make sure that reverse-route is enabled.

New Member

Re: ASA: 2 outside intfc (2 isp): 1 for inbound VPN clients only

Thanks!  I haven't used the reverse-route command before but will read the documentation and configure as you suggest.

Regards,

Craig
