I have an ASA 5510 firewall. Currently I have a 2 Mbps Internet link. Everything is working fine, but one of the branch users, where we have a site-to-site connection, is complaining about slowness. So we have decided to arrange one more Internet link, which we will use only for that branch's site-to-site VPN connectivity.
I want to configure my firewall in such a way that when the subnets
Head office subnet: 192.168.80.0
Branch office: 192.168.17.0
want to reach each other, their VPN traffic should go over the second 1 Mbps link. I don't want any load balancing or failover.
I just want to configure the firewall for site-to-site VPN in a way that when subnet 192.168.80.0 wants to reach a particular destination (192.168.70.0), it should go over the second Internet link, and other traffic for remote access VPN and the other site-to-site tunnels should use the 2 Mbps link.
As per your post, you are going to terminate a second Internet link on the firewall for your VPN connectivity. In this scenario, remove all your existing VPN-related configuration from the primary Internet link interface and configure your secondary link as the VPN-enabled interface.
Make the ACL for the interesting traffic and configure all the phase-1 and phase-2 VPN config.
So the interesting traffic which we have configured in the firewall will go via the VPN connection; all the rest of the traffic will take the normal routing, i.e. your primary link.
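The following is an added example, not configuration posted by anyone in this thread, showing how the original poster's layout looks on an ASA: the existing crypto map (and remote-access VPN) stays on the primary `outside` interface, and a second crypto map for the one branch is bound to the new interface. Interface names (`outside`, `outside2` on Ethernet0/3), the public IPs (203.0.113.x, 198.51.100.x, branch peer 192.0.2.10), the /24 masks and the ASA 8.4-style object NAT syntax are all assumptions; the thread gives none of them. The two routes are the part that actually steers the tunnel: the host route makes IKE/ESP to the branch peer leave via the 1 Mbps link, and the route for 192.168.17.0/24 is required because a crypto map is evaluated on the egress interface, so without it the interesting traffic would follow the default route out `outside`, never match `BRANCH-MAP`, and leave unencrypted (or be dropped).

```cisco
! --- Added example (assumed names and addresses), ASA 8.4-style syntax ---

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface Ethernet0/3
 nameif outside2
 security-level 0
 ip address 198.51.100.2 255.255.255.248
!
! Default route stays on the 2 Mbps link; everything not listed below uses it
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
! Branch peer's public IP (assumed 192.0.2.10) must be reached via the 1 Mbps link
route outside2 192.0.2.10 255.255.255.255 198.51.100.1 1
! Branch LAN must egress outside2 so the packets hit BRANCH-MAP (crypto maps are applied per egress interface)
route outside2 192.168.17.0 255.255.255.0 198.51.100.1 1

object network HQ-LAN
 subnet 192.168.80.0 255.255.255.0
object network BRANCH-LAN
 subnet 192.168.17.0 255.255.255.0

! NAT exemption for the tunnel traffic on the new interface (pre-8.3 would use "nat (inside) 0 access-list ...")
nat (inside,outside2) source static HQ-LAN HQ-LAN destination static BRANCH-LAN BRANCH-LAN no-proxy-arp route-lookup

! Interesting traffic: only HQ <-> this branch
access-list VPN-BRANCH extended permit ip 192.168.80.0 255.255.255.0 192.168.17.0 255.255.255.0

! Phase 1 (IKEv1). Enable IKE on both links: existing tunnels on outside, the branch on outside2
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 enable outside
crypto ikev1 enable outside2

! Phase 2
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 ikev1 pre-shared-key <replace-with-a-long-random-psk>

! Second crypto map, bound only to the new interface. The existing map on "outside"
! (e.g. "crypto map outside_map interface outside") is left untouched, so the other
! LAN-to-LAN tunnels and the remote-access VPN keep using the 2 Mbps link.
crypto map BRANCH-MAP 10 match address VPN-BRANCH
crypto map BRANCH-MAP 10 set peer 192.0.2.10
crypto map BRANCH-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map BRANCH-MAP interface outside2
```

Two checks worth running after applying this: `packet-tracer input inside tcp 192.168.80.10 1025 192.168.17.10 445` should show the egress interface as `outside2` and a VPN encrypt action, and `show crypto ipsec sa peer 192.0.2.10` should show the SA bound to `outside2` with encaps/decaps counters increasing. The branch-side device also has to be repointed to the new public IP (198.51.100.2 in this example) or its phase 1 will still be sent to the old address. If the ASA is still on 8.2 or earlier, the same design applies but with `crypto isakmp enable outside2`, `crypto map ... set transform-set` and the old `nat 0` exemption syntax.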
I have one firewall which I am using only for VPN connectivity, both LAN-to-LAN and remote access VPN. Currently everything is working fine, but due to some bandwidth limitation I want to terminate a second Internet line on the firewall (Ethernet 3), which I will also use for VPN connectivity with one of my branches.
Now I wanted to know how to configure the firewall in a way that all VPN connections go over one Internet link and only one branch (192.168.17.0) will use the secondary Internet link.
How do I route the traffic for that VPN towards the second Internet link while at the same time the other VPN tunnels use the primary Internet link?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we also defined a rule, which does get hits, to permit tcp from the inside interface to any6.
In Syslog I also se...