ASA Multiple Interface IP's For VPN Peer Address Migration
I currently have an ASA5520 as my firewall and a 3005 VPN Concentrator in front of the firewall terminating VPN tunnels with a public peer address of say 184.108.40.206. The ASA 5520 also has a public IP address (say 220.127.116.11) in the same subnet as the public IP of the 3005 but on a separate physical interface on the ASA for direct access to the firewall for other Internet traffic.
We are wanting to consolidate the separate VPN and firewall functions into the ASA (getting rid of the 3005 and moving the VPN function to the ASA). The problem is we have a lot of customers using the 18.104.22.168 address (3005 public IP) to terminate their VPN tunnels. To have our customers all reconfigure their VPN tunnels would be a very large task.
So the question is can I have one physical ASA interface sharing multiple IP addresses--have 22.214.171.124 and 126.96.36.199 on the same physical interface (like a secondary IP but the peer VPN device would have to see the IP as 188.8.131.52)?
Re: ASA Multiple Interface IP's For VPN Peer Address Migration
Thanks for the reply. I guess I wasn't specific enough on the VPN type. The VPN is a lan-to-lan VPN with our business partners using PSK. The peer address of the VPN on our end is hard coded as an IP address.