Cisco Support Community

New Member

VPN L2L connection using 2 different WAN interface on central ASA

Hello everybody

I am new to ASA configuration and I need some advice.

I have an ASA IPSEC VPN Hub and Spoke configuration with fixed IP@ (outside) on the central ASA and dynamic IP@ on the spokes.

I now have a new ISP link connected to my central ASA (new interface, let's say outside2) and I'd like to migrate some L2L VPN links to that new interface 'outside2', whereas some remain on the other interface 'outside'.

Is that possible?

I can't understand what to do with the routes. The central ASA can only have one default route, but how is it aware of the public IP@ of the spokes in order to establish the tunnel via the outside or outside2 interface?

Thanks for your help



Re: VPN L2L connection using 2 different WAN interface on centra

I believe the only way to accomplish this would be with static routes to the remote sites pointing at your new outside2 interface. Then configure your tunnel normally with the remote site pointing to the outside2 IP as its remote peer.

New Member

Re: VPN L2L connection using 2 different WAN interface on centra

I was afraid of that answer ...

Since remote sites have dynamic IP @, I cannot know in advance which @ they will have so I cannot configure static routes to them ...

Is there no way to force the central ASA to respond using interface outside2 when a VPN peer explicitly tries to establish a tunnel to that interface?

Then, when the VPN tunnel is OK, the inside network @ of remote sites are automatically pushed into the local ASA routing table, aren't they?
