I am currently trying to figure out a way of getting a VPN terminated to a Cisco ASA 5510. I have a customer whose 3rd party supplier needs to terminate 2 VPNs to my single device but requires 2 individual peer addresses. I have a single WAN connection with a range of 8 public addresses and have configured 1 IPsec tunnel with their supplier but now require a second.
For the first tunnel I supplied them with the IP address which is assigned to the WAN interface, but now they want a second peer and I cannot seem to figure out how to get this VPN terminated to 1 of the subnet addresses.
I don't really know why your customer needs two connections to two different IPs with the same ASA (probably they don't know that you've got only one VPN gateway, and think of it as some kind of redundancy), but is the ASA directly connected to the ISP? Because if it's connected to some internet-border router (which in turn connects to the ISP), you can use NAT on that router to translate all incoming ISAKMP and NAT-T sessions to some other address from your private pool (IP for second tunnel) to the ASA.