Site to Site VPN on Second Internet Facing Interface

pjscott13
Level 1

Hi all,

We have a Cisco ASA 5510 device, without the Security Plus License. We had all our Internet connectivity/VPN terminating on the main internet connection on the Outside1 interface.

We now want to set up a second internet connection, that is practically a dedicated link to a remote network. This remote network will have a VPN tunnel terminate on this interface (Outside2). I have configured the VPN tunnel, but I cannot get it to connect. Is there something missing in my config?

I appreciate your help, as I am not overly confident with ASA configuration.

Accepted Solution

a.alekseev
Level 7

route outside2 x.x.x.x 255.255.255.255 z.z.z.z

where x.x.x.x - IP address of the peer

z.z.z.z - default gateway for second ISP

route outside2 a.a.a.a ma.ma.ma.ma z.z.z.z

route outside2 b.b.b.b mb.mb.mb.mb z.z.z.z

...

route outside2 d.d.d.d md.md.md.md z.z.z.z

a.a.a.a

b.b.b.b

..

d.d.d.d - all destination networks from your outside2_cryptomap_20
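
Added example (not part of the original thread and not Cisco tooling): a check of the routing requirement in the answer above, that the VPN peer and every destination network in the crypto ACL must route out of the second interface. The function name, the sample configuration and its addresses are constructed for illustration; only `host A` / `A MASK` ACL entries and static `route` lines are handled.

```python
import ipaddress

# Constructed sample (documentation addresses; not the poster's configuration).
SAMPLE_CONFIG = """\
access-list outside2_cryptomap_20 extended permit ip 192.168.18.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list outside2_cryptomap_20 extended permit ip 192.168.18.0 255.255.255.0 host 10.30.1.5
crypto map Outside2_map 20 match address outside2_cryptomap_20
crypto map Outside2_map 20 set peer 203.0.113.10
crypto map Outside2_map interface outside2
route outside1 0.0.0.0 0.0.0.0 198.51.100.1
route outside2 10.20.0.0 255.255.0.0 192.0.2.1
"""

def _take_net(tok):
    """Pop 'host A' or 'A MASK' from the front of a token list."""
    if tok[0] == "host":
        net = ipaddress.ip_network(tok[1] + "/32")
    else:
        net = ipaddress.ip_network(f"{tok[0]}/{tok[1]}")
    del tok[:2]
    return net

def misrouted_vpn_targets(config, iface):
    """Return crypto peers and crypto-ACL destinations whose longest-match
    static route does not leave through `iface` (hypothetical helper)."""
    rows = [l.split() for l in config.splitlines() if l.strip()]
    routes = [(t[1], ipaddress.ip_network(f"{t[2]}/{t[3]}"))
              for t in rows if t[0] == "route" and len(t) >= 5]
    cmap = [t for t in rows if t[:2] == ["crypto", "map"]]
    # Crypto maps applied to the interface under test.
    bound = {t[2] for t in cmap if t[3:5] == ["interface", iface]}
    entries = [t for t in cmap if t[2] in bound and len(t) >= 7]
    acls = {t[6] for t in entries if t[4:6] == ["match", "address"]}
    targets = {ipaddress.ip_network(p + "/32")
               for t in entries if t[4:6] == ["set", "peer"] for p in t[6:]}
    for t in rows:
        if t[0] == "access-list" and t[1] in acls and t[2:5] == ["extended", "permit", "ip"]:
            rest = t[5:]
            _take_net(rest)               # local (source) network, not needed
            targets.add(_take_net(rest))  # remote (destination) network
    bad = []
    for net in sorted(targets):
        # Longest-prefix match across all static routes, as the firewall would choose.
        match = [(r.prefixlen, name) for name, r in routes if net.subnet_of(r)]
        if not match or max(match)[1] != iface:
            bad.append(str(net))
    return bad

if __name__ == "__main__":
    print(misrouted_vpn_targets(SAMPLE_CONFIG, "outside2"))
```

In the constructed sample the remote /16 already has a route on outside2, but the peer address and the remaining host entry still follow the default route out of outside1, so both are reported.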

OK, so I had tried that already. I get these errors though:

713041: IP = VPNGATEWAY, IKE Initiator: New Phase 1, Intf inside, IKE Peer VPNGATEWAY local Proxy Address 192.168.18.0, remote Proxy Address REMOTENETWORK, Crypto map (Outside2_map)

713219: IP = VPNGATEWAY, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete

Then my attempt to connect times out and there are no other messages shown in the logging.

Is there something I am missing still?

Show the actual configuration.

The configuration is the same as before with the additional routes for all remote networks pointing to the Second ISP's default gateway. Do I need to add a Route for the VPN gateway so it goes over the Second ISP?

I answered my own question. The VPN is up and running. Thanks!

Yes, you need...
