Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4690
Views
10
Helpful
3
Replies

Cisco ASA 5510 with 2 internet connections

Go to solution
andy_4578
Level 1
Level 1

‎04-06-2013 06:29 AM - edited ‎03-11-2019 06:24 PM

Is it possible to have a Cisco ASA5510 with two internet connections performing as follows..

Internet A---------All traffic except LAN to LAN vpn

Internet B---------LAN to LAN vpn

I cant find anything definitive on google to say it will or wont, i know it cant do policy based routing.

Thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Andrew Phirsov
Level 7
Level 7

‎04-06-2013 07:43 AM

Surely it's possible.

To perform this you should configure:

- default route (0.0.0.0) through the one interface, pointing to the Internet A ISP IP. With this, all you internal traffic to the Internet will go through that interface;

- specific route through the other iterface, towards the remote LAN, pointing to the Internet B ISP IP. All the vpn traffic will follow this route and this interface.

route outside 0.0.0.0 0.0.0.0 ISP_1_IP

route outside_VPN 192.168.10.0 255.255.255.0 ISP_2_IP

View solution in original post

Go to solution
andy_4578
Level 1
Level 1

‎04-06-2013 09:32 AM

I've done it a different way and used Proxy ARP so both subnets are useable on a single interface and its working well, thanks for your help though :-)

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Andrew Phirsov
Level 7
Level 7

‎04-06-2013 07:43 AM

Surely it's possible.

To perform this you should configure:

- default route (0.0.0.0) through the one interface, pointing to the Internet A ISP IP. With this, all you internal traffic to the Internet will go through that interface;

- specific route through the other iterface, towards the remote LAN, pointing to the Internet B ISP IP. All the vpn traffic will follow this route and this interface.

route outside 0.0.0.0 0.0.0.0 ISP_1_IP

route outside_VPN 192.168.10.0 255.255.255.0 ISP_2_IP

Go to solution
cmihaylov_2
Level 1
Level 1

‎04-06-2013 08:04 AM

Also you should configure your crypto to terminate on the interface, connected to the "Internet B" provider.

Otherwise you will have some kind of asymmetrical routing and your lan-to-lan VPN will not work.

Go to solution
andy_4578
Level 1
Level 1

‎04-06-2013 09:32 AM

I've done it a different way and used Proxy ARP so both subnets are useable on a single interface and its working well, thanks for your help though :-)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card