04-06-2013 06:29 AM - edited 03-11-2019 06:24 PM
Is it possible to have a Cisco ASA5510 with two internet connections performing as follows..
Internet A---------All traffic except LAN to LAN vpn
Internet B---------LAN to LAN vpn
I cant find anything definitive on google to say it will or wont, i know it cant do policy based routing.
Thanks
Solved! Go to Solution.
04-06-2013 07:43 AM
Surely it's possible.
To perform this you should configure:
- default route (0.0.0.0) through the one interface, pointing to the Internet A ISP IP. With this, all you internal traffic to the Internet will go through that interface;
- specific route through the other iterface, towards the remote LAN, pointing to the Internet B ISP IP. All the vpn traffic will follow this route and this interface.
route outside 0.0.0.0 0.0.0.0 ISP_1_IP
route outside_VPN 192.168.10.0 255.255.255.0 ISP_2_IP
04-06-2013 09:32 AM
I've done it a different way and used Proxy ARP so both subnets are useable on a single interface and its working well, thanks for your help though :-)
04-06-2013 07:43 AM
Surely it's possible.
To perform this you should configure:
- default route (0.0.0.0) through the one interface, pointing to the Internet A ISP IP. With this, all you internal traffic to the Internet will go through that interface;
- specific route through the other iterface, towards the remote LAN, pointing to the Internet B ISP IP. All the vpn traffic will follow this route and this interface.
route outside 0.0.0.0 0.0.0.0 ISP_1_IP
route outside_VPN 192.168.10.0 255.255.255.0 ISP_2_IP
04-06-2013 08:04 AM
Also you should configure your crypto to terminate on the interface, connected to the "Internet B" provider.
Otherwise you will have some kind of asymmetrical routing and your lan-to-lan VPN will not work.
04-06-2013 09:32 AM
I've done it a different way and used Proxy ARP so both subnets are useable on a single interface and its working well, thanks for your help though :-)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: