Multiple interfaces for site-to-site VPN on ASA

Is it possible to segment site-to-site VPN traffic to different output interfaces on the ASA platform? I would like to direct site-to-site VPNs from partners to a different interface than site-to-site VPNs from corporate sites.

1 REPLY

Re: Multiple interfaces for site-to-site VPN on ASA

On an ASA, you can only have one default route (0.0.0.0/32) going to a single interface, but you should be able to use the other interfaces for VPN connections.

For example:

Interface outside1: IP Address 1.2.3.4/24 with default gateway of 1.2.3.1/24

Interface outside2: IP Address 2.3.4.5/24 with default gateway of 2.3.4.1/24

You would have your normal default route of route outside1 0.0.0.0 0.0.0.0 1.2.3.1 and you would point your corporate VPN tunnels to the endpoint peer address of 1.2.3.4.

You would then have routes for your partner sites going out interface outside2. For example, for a partner with an IP of 4.5.6.7 you would use: route outside2 4.5.6.7 255.255.255.255 2.3.4.1.

Point the partner VPN endpoints to build a tunnel to your external address of 2.3.4.5.

Make sense?
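The layout described in the reply above, written out as an added example in ASA 8.4+ CLI syntax (not part of the original post and not a Cisco reference configuration). The interface addresses, gateways and partner peer 4.5.6.7 come from the reply; the physical interface names, the protected subnets, the corporate peer 198.51.100.10, the object names and the pre-shared-key placeholders are assumptions made for illustration, and NAT exemption is assumed to be handled elsewhere.

```cisco
! Added example. Subnets, corporate peer and names are constructed values.
interface GigabitEthernet0/0
 nameif outside1
 security-level 0
 ip address 1.2.3.4 255.255.255.0
interface GigabitEthernet0/1
 nameif outside2
 security-level 0
 ip address 2.3.4.5 255.255.255.0
!
! Default route stays on outside1; corporate peers are reached through it.
route outside1 0.0.0.0 0.0.0.0 1.2.3.1
! Host route so IKE/ESP to the partner peer leaves through outside2.
route outside2 4.5.6.7 255.255.255.255 2.3.4.1
! The partner's protected subnet must also route out outside2: the ASA picks
! the egress interface by route lookup first, then applies that interface's
! crypto map. Without this route the traffic would follow the default route.
route outside2 192.168.50.0 255.255.255.0 2.3.4.1
!
access-list PARTNER-CRYPTO extended permit ip 10.10.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list CORP-CRYPTO extended permit ip 10.10.0.0 255.255.255.0 10.20.0.0 255.255.255.0
!
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
!
! One crypto map per interface keeps partner and corporate tunnels separate.
crypto map CORP-MAP 10 match address CORP-CRYPTO
crypto map CORP-MAP 10 set peer 198.51.100.10
crypto map CORP-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map CORP-MAP interface outside1
crypto ikev1 enable outside1
crypto map PARTNER-MAP 10 match address PARTNER-CRYPTO
crypto map PARTNER-MAP 10 set peer 4.5.6.7
crypto map PARTNER-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map PARTNER-MAP interface outside2
crypto ikev1 enable outside2
!
tunnel-group 4.5.6.7 type ipsec-l2l
tunnel-group 4.5.6.7 ipsec-attributes
 ikev1 pre-shared-key <PARTNER-PSK-PLACEHOLDER>
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <CORP-PSK-PLACEHOLDER>
```

Keeping the partner crypto ACL limited to the specific subnets partners need, as in PARTNER-CRYPTO, preserves the separation that the second interface is meant to provide.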
