Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
437
Views
0
Helpful
4
Replies

ASA terminate LAN2LAN VPN's on unique addresses

jjaques
Level 1
Level 1

‎02-20-2009 05:28 AM

I currently have an ASA5550 terminating 10 LAN2LAN tunnels on one public IP address on the outside interface. Is it possible to terminate each LAN2LAN tunnel with a unique local address? This way if a tunnel needed to be moved to a new ASA the remote LAN2LAN peer would not need to be reconfigured.

Labels:
0 Helpful
4 Replies 4

Ivan Martinon
Level 7
Level 7

‎02-26-2009 08:40 AM

Unless you terminate them on a different interface, and configure the routing accordingly your answer would be no.

0 Helpful

jjaques
Level 1
Level 1
In response to Ivan Martinon

‎03-02-2009 12:51 AM

Hello, thanks for your feedback. I have interfaces that I can use on the ASA. My question is can I configure the additional Gig interfaces as outside interfaces and place them in the SAME subnet/vlan as the current outside interface (bridge them together). I think I have read that the interfaces must EACH be in a separate VLAN and subnet. thanks

0 Helpful

mkkeyan
Level 1
Level 1
In response to jjaques

‎03-02-2009 03:27 AM

same subnet not possible , only option you can use static nat, permitting Ipsec ports.

0 Helpful

jjaques
Level 1
Level 1
In response to mkkeyan

‎03-02-2009 04:07 AM

Hi mkkeyan,

can you explain that configuration in a bit more detail? I understand static NAT and can permit ESP and IKE, but what am I natting?

0 Helpful
Customers Also Viewed These Support Documents