We have a couple of 2811's with ASA5505 behind them at 2 diffrent locations. The ASAs have the basic license, not Security Plus. Currently we have a site to site VPN tunnel going from ASA1 to ASA2 through ISPs on the 2811s. This tunnel is using VLAN 1 and VLAN2 for a standard outside and inside interface configuration. Works fine. We are bringing in a second ISP and since the throughput on the ASAs for 3Des is 100Mbps we want to connect the second ISPs directly to the ASAs and take the 2811s out of the equation for the second ISPs since it is my understanding the ASA can do simple routing on its own now. The question is will we be able to get the traffic on the inside interface to be able to go across the second tunnel which will be terminated on a different (normally called the DMZ interface I guess) Interface and on VLAN 3? We would prefer not to have to upgrade to a Security Plus License. Please feel free to offere any changes that might be needed to make this work if it won't work as desired and stated above.
Sorry, looks like you are contradicting yourself. Initially you said you will remove the 2811 router, and on the second post, you mention that the tunnel will pass through the 2811 router?
So currently you have ASA terminating a LAN-to-LAN tunnel via ISP 1? and you would like to terminate the same tunnel on a second ISP connection (which you will terminate on another interface of ASA)? What is the purpose of terminating the same tunnel via 2 different ISPs? or do you only want to use the second ISP when the first ISP is down? or you would like to use ISP 2 for VPN connection only, and all other traffic through ISP 1?
Thanks for your response. The goal is to get the 2nd ISPs terminating on a different interafces on the ASAs. We want this to then be the primary VPN tunnel and the current VPN tunnel will only be active if the new one goes down.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :