I have a firewall cluster with two ASA 5585-X. It's currently running with a single uplink (Untrust). I have attached a draft diagram of this.
Site-to-site (L2L) VPNs peer with the Untrust interface, but remote access VPN client connections terminate on a device which is connected to the DMZ.
So I need to shift the termination point of these remote access VPN users from the DMZ to a new interface, which is planned to be attached as a new interface connected to the ISP. Please see the diagram.
So I need to connect only RA VPN clients through the Remote VPN interface.
Could someone please tell me whether this is possible? Or otherwise, how can I achieve this?
There is no dynamic routing; only static routes are used. The default route is via the "Untrust" interface.
So your remote users currently connect to the VPN via 203.189.x.x and you want to move them to a different interface? Does this new interface connect directly to the internet?
If this is the case then this is not possible, because you would need a default route on your ASA to reach all the remote access clients. Since the ASA only supports one active default route, you are limited to using the interface that connects to the internet.
Please remember to rate and select a correct answer
Thank you for your comment.
I have tried adding an additional default route with AD 200 towards the Remote VPN interface. I did this just by trial and error. But it works...
Existing default route: route Untrust 0.0.0.0 0.0.0.0 203.189.X.X1 1
What I've added: route Remote 0.0.0.0 0.0.0.0 203.189.Z.Z1 200
After running the packet capture wizard, it's confirmed that traffic passed out the same interface it came in on.
Still, I'm searching for how it works (technically).
However, at the end of the day it has worked. :-)
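Added example (not part of the thread above, and not Cisco's or any poster's code): a small Python model of the two mechanisms the thread touches. It parses ASA-style static route lines into a table, installs per prefix only the lowest administrative distance (AD) route whose interface is up, and does a longest-prefix lookup. That shows the AD 200 default route is a floating backup: while the Untrust interface is up, it is never installed and cannot by itself steer traffic to the Remote interface; it only takes over if Untrust goes away. Separately, the poster's capture showed replies leaving the interface the request arrived on; the `reply_interface` function models that observed behaviour for traffic terminated on the ASA itself as an explicit assumption, not as documented ASA internals. The gateway addresses the poster masked (X.X1, Z.Z1) are filled with documentation-range addresses in the constructed sample config, and the Inside route is invented for the lookup demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set


@dataclass(frozen=True)
class StaticRoute:
    interface: str
    prefix: ipaddress.IPv4Network
    next_hop: ipaddress.IPv4Address
    distance: int = 1  # administrative distance; ASA static routes default to 1


def parse_route(line: str) -> StaticRoute:
    """Parse an ASA 'route <if> <net> <mask> <gw> [<ad>]' line."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "route":
        raise ValueError(f"not an ASA static route: {line!r}")
    iface, net, mask, gw = parts[1:5]
    distance = int(parts[5]) if len(parts) > 5 else 1
    return StaticRoute(iface, ipaddress.IPv4Network(f"{net}/{mask}"),
                       ipaddress.IPv4Address(gw), distance)


# Constructed sample config (assumption): the poster's masked gateways
# 203.189.X.X1 / 203.189.Z.Z1 are replaced by RFC 5737 documentation addresses,
# and the Inside route is invented to show longest-prefix matching.
SAMPLE_CONFIG = [
    "route Untrust 0.0.0.0 0.0.0.0 203.0.113.1 1",
    "route Remote 0.0.0.0 0.0.0.0 198.51.100.1 200",
    "route Inside 10.0.0.0 255.0.0.0 10.1.1.1 1",
]
ROUTES = [parse_route(line) for line in SAMPLE_CONFIG]


def installed_routes(routes: Iterable[StaticRoute], up: Set[str]) -> List[StaticRoute]:
    """Routes that reach the forwarding table: for each prefix, the single
    lowest-AD candidate whose egress interface is up. Higher-AD duplicates
    (floating static routes) stay out until the better one disappears."""
    best = {}
    for r in routes:
        if r.interface not in up:
            continue
        current = best.get(r.prefix)
        if current is None or r.distance < current.distance:
            best[r.prefix] = r
    return list(best.values())


def lookup(routes: Iterable[StaticRoute], dst: str, up: Set[str]) -> Optional[StaticRoute]:
    """Longest-prefix match over the installed routes only."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in installed_routes(routes, up) if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def reply_interface(routes: Iterable[StaticRoute], dst: str, up: Set[str],
                    ingress: str, to_the_box: bool) -> Optional[str]:
    """Egress interface for a reply packet.

    Assumption modelled from the poster's capture: for a flow terminated on the
    ASA itself (the RA VPN tunnel), the reply leaves the interface the request
    arrived on and the routing table is not consulted. Transit traffic follows
    the routing table."""
    if to_the_box:
        return ingress
    r = lookup(routes, dst, up)
    return r.interface if r else None


if __name__ == "__main__":
    all_up = {"Untrust", "Remote", "Inside"}
    client = "192.0.2.50"  # a constructed RA VPN client public address
    print("installed with everything up:")
    for r in installed_routes(ROUTES, all_up):
        print(f"  {r.prefix} via {r.next_hop} on {r.interface} (AD {r.distance})")
    print("transit packet to client ->", lookup(ROUTES, client, all_up).interface)
    print("Untrust down, transit packet to client ->",
          lookup(ROUTES, client, all_up - {"Untrust"}).interface)
    print("VPN reply to client that came in on Remote ->",
          reply_interface(ROUTES, client, all_up, ingress="Remote", to_the_box=True))
```

Run it as a script to see the three cases side by side: with both uplinks up the AD 200 route is absent from the installed list, so a routed (transit) packet to a client address would leave Untrust; only when Untrust is removed from the up set does the Remote default route get installed; and a reply for a tunnel terminated on Remote leaves Remote regardless, which is the behaviour the capture showed.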