I was just trying to get my hands all wet in doing some not so weird of a configuration because i believe someone out there much more weird that i am must have done such.
Ok attached is a topolgy i have in my network and i was looking at attaining some level of VPN style configuration. So here's the break down of each device config.
GRE Tunnel configured
Site-to-Site VPN configured
Remote VPN configured
Normal Firewall on routed mode
Open Ports to reach my LAN
IP SLA Tracking to both edge routers
That's about whats configured on each device. So we have a current working L2L VPN to a third party vendor that's working perfectly on the 2811, now there's a need for a redaundant VPN configured to the same vendor. Actually the link on the 2811 is not so stable as that of the 2911. I was having a thought of configuring VPN on the ASA point it to the 2911 router. But i have the following fears.
since i have Nat configured on the 2911, how much of impact would that be when configuring the vpn on the ASA . I know i have seen a vpn style config where the router doesn't do NAT but the ASA was, that made it easy to do NAT Exemption on the ASA.
Is it possible for me to do the NAT exemption on the router instead of the ASA that's having the?
I have an existing VPN traffic passing the outside interface of the ASA, adding a crypto map command to the outside interface for the VPN to the ASA wouldn't that complicate things to the existing one already.
Can i go ahead and do a static NAT between the ASA and the Router, aim is for the traffic to go through.
So these are the few concerns i have about doing such style of VPN config. I am fully aware of having same topology and the router doesn't participate
in NAT but the ASA does the VPN.
I just wnat to get your two cents about what i am trying to achieve. I would appreciate your candid suggestion and opinion about this.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :