Cisco Support Community
Community Member

ASA terminate LAN2LAN VPN's on unique addresses

I currently have an ASA5550 terminating 10 LAN2LAN tunnels on one public IP address on the outside interface. Is it possible to terminate each LAN2LAN tunnel with a unique local address? This way if a tunnel needed to be moved to a new ASA the remote LAN2LAN peer would not need to be reconfigured.

4 REPLIES

Re: ASA terminate LAN2LAN VPN's on unique addresses

Unless you terminate them on a different interface and configure the routing accordingly, your answer would be no.

Community Member

Re: ASA terminate LAN2LAN VPN's on unique addresses

Hello, thanks for your feedback. I have interfaces that I can use on the ASA. My question is: can I configure the additional Gig interfaces as outside interfaces and place them in the SAME subnet/VLAN as the current outside interface (bridge them together)? I think I have read that the interfaces must EACH be in a separate VLAN and subnet. Thanks.

Community Member

Re: ASA terminate LAN2LAN VPN's on unique addresses

Same subnet is not possible; the only option you can use is static NAT, permitting IPsec ports.

Community Member

Re: ASA terminate LAN2LAN VPN's on unique addresses

Hi mkkeyan,

Can you explain that configuration in a bit more detail? I understand static NAT and can permit ESP and IKE, but what am I natting?
