Re: vpn newbie question

john64079 · ‎03-21-2007

I need to setup a vpn to a ASA5520 at site1 from an Tasman 1004 edge router at site2. The edge router already servers as the internet gateway and all the NATs are setup on it. Can the edge router be used to make the vpn tunnel without disrupting other traffic or would we need a dedicated VPN router to connect to the ASA5520.

kaachary · ‎03-21-2007

Yes, you can have eedge router configured as VPN router if it supports VPN config.

Regarding NAT, you have to exmpt the VPN traffic from NAT on that router.

-Kanishka

john64079 · ‎03-21-2007

Thank you for the fast response.

So i would have to create a new wan bundle for the VPN and link it to the T1s so it wouldn't interfere with the original bundle?

We have multiple IPs, so if the original bundle is configured with IP 65.11.11.11/30, i'd like to use an available IP like 65.11.11.12 for the VPN bundle.

kaachary · ‎03-21-2007

Yes, you can have an interface with a routable public ip address, and apply the crypto map to it.

If the defaul gateway is pointing to the other WAN interface, you can put specific routes for the remote subnet pointing to the this VPN interface.

ip route

Hope this helps.

-Kanishka

john64079 · ‎03-22-2007

I can't link either of the two T1s to the new bundle because they are linked to the original one. Unlinking a T1 just for a VPN is probably not an option. So I'll have to figure out how to configure it in the existing bundle and keep the vpn traffic exempt like you said above.