Site to Site VPN on Second Internet Facing Interface

pjscott13
Level 1

Hi all,

We have a Cisco ASA 5510 device, without the Security Plus License. We had all our Internet connectivity/VPN terminating on the main internet connection on the Outside1 interface.

We now want to set up a second internet connection, that is practically a dedicated link to a remote network. This remote network will have a VPN tunnel terminate on this interface (Outside2). I have configured the VPN tunnel, but I cannot get it to connect. Is there something missing in my config?

I appreciate your help, as I am not overly confident with ASA configuration.

Accepted Solutions

a.alekseev
Level 7

route outside2 x.x.x.x 255.255.255.255 z.z.z.z

where x.x.x.x - IP address of the peer

z.z.z.z - default gateway for second ISP

route outside2 a.a.a.a ma.ma.ma.ma z.z.z.z

route outside2 b.b.b.b mb.mb.mb.mb z.z.z.z

...

route outside2 d.d.d.d md.md.md.md z.z.z.z

a.a.a.a, b.b.b.b, ..., d.d.d.d - all destination networks from your outside2_cryptomap_20

OK, so I had tried that already. I get these errors, though:

713041: IP = VPNGATEWAY, IKE Initiator: New Phase 1, Intf inside, IKE Peer VPNGATEWAY local Proxy Address 192.168.18.0, remote Proxy Address REMOTENETWORK, Crypto map (Outside2_map)

713219: IP = VPNGATEWAY, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete

Then my attempt to connect times out and there are no other messages shown in the logging.

Is there something I am missing still?

Show the actual configuration.

The configuration is the same as before, with the additional routes for all remote networks pointing to the second ISP's default gateway. Do I need to add a route for the VPN gateway so it goes over the second ISP?

I answered my own question. The VPN is up and running. Thanks!

Yes, you need...
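An added example, not part of the thread and not Cisco tooling: a Python check over a saved running-config that the VPN peer and every crypto-ACL destination network route out of the interface the crypto map is bound to, which is what the accepted answer's `route outside2` lines achieve. The sample config is constructed with documentation addresses (only Outside2_map, outside2_cryptomap_20 and 192.168.18.0 come from the thread), and only ACL entries in the `permit ip net mask net mask` form are parsed.

```python
import ipaddress
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"
RE_ROUTE = re.compile(rf"route (\S+) {IP} {IP} {IP}")
RE_ACL = re.compile(rf"access-list (\S+) extended permit ip {IP} {IP} {IP} {IP}")
RE_PEER = re.compile(rf"crypto map (\S+) \d+ set peer {IP}")
RE_MATCH = re.compile(r"crypto map (\S+) \d+ match address (\S+)")
RE_BIND = re.compile(r"crypto map (\S+) interface (\S+)")

# Constructed sample: peer, gateways and remote networks are made-up values.
SAMPLE = """\
route outside1 0.0.0.0 0.0.0.0 198.51.100.1
route outside2 10.20.0.0 255.255.0.0 203.0.113.1
access-list outside2_cryptomap_20 extended permit ip 192.168.18.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list outside2_cryptomap_20 extended permit ip 192.168.18.0 255.255.255.0 10.30.0.0 255.255.0.0
crypto map Outside2_map 20 match address outside2_cryptomap_20
crypto map Outside2_map 20 set peer 192.0.2.10
crypto map Outside2_map interface outside2
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def egress(routes, dest):
    """Interface of the longest-prefix static route covering dest, else None."""
    hits = [(r.prefixlen, ifc) for ifc, r in routes if dest.subnet_of(r)]
    return max(hits)[1] if hits else None

def missing_routes(config):
    """(kind, network, actual egress) for each VPN destination routed out the wrong interface."""
    routes, acl_dst, wanted, bound = [], {}, [], {}
    for line in map(str.strip, config.splitlines()):
        if m := RE_ROUTE.match(line):
            routes.append((m[1].lower(), net(m[2], m[3])))
        elif m := RE_ACL.match(line):  # destination is the 4th/5th address field
            acl_dst.setdefault(m[1], []).append(net(m[4], m[5]))
        elif m := RE_PEER.match(line):  # the peer needs a host route
            wanted.append((m[1], "peer", [net(m[2], "255.255.255.255")]))
        elif m := RE_MATCH.match(line):  # shared list, filled as ACL lines are read
            wanted.append((m[1], "acl", acl_dst.setdefault(m[2], [])))
        elif m := RE_BIND.match(line):
            bound[m[1]] = m[2].lower()
    return [(kind, str(n), egress(routes, n))
            for cmap, kind, nets in wanted if cmap in bound
            for n in nets if egress(routes, n) != bound[cmap]]

if __name__ == "__main__":
    print(missing_routes(SAMPLE))
```

On the sample, the peer and 10.30.0.0/16 are reported because they still follow the default route out outside1, so that traffic never reaches the crypto map applied on outside2.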