Cisco Support Community

ASA - 2 IPSec L2L Tunnels, Same Remote Subnet


I have an interesting situation where I need to create 2 separate tunnels (on a single ASA 5510) which will have the same remote subnet.

Reason behind this is, at the remote side, the end user has 2 separate internet connections, and has a separate firewall on each, with a different tunnel endpoint IP address.

So a current tunnel is already in place, but with the addition of the 2nd upstream at the remote site and 2nd firewall, is it possible to create a 2nd tunnel on the ASA on my side, but with the same remote subnet as the first tunnel?

My initial thought is that this will not work, because the ASA would not know which tunnel to use primarily, if the connections were being established from this end.

Would a dynamic setup be better?  So that the end user would have to establish the VPN connection from his end, so it would not really matter which one of his internet providers he is currently using.

I guess if I were landing the tunnels on different firewalls on my end, then I could use RRI and change the route priorities, but that is not an option in this case.

Thanks for any thoughts / suggestions.

ASA1 >>> Remote Firewall1 >>>

ASA1 >>> Remote Firewall2 >>>
