08-13-2018 11:39 PM - edited 02-21-2020 08:06 AM
Hi,
On my ASA I have an outside IP address on the outside interface, and I have a subnet routed to said IP. Is it possible for me to use one of the routed IP addresses as gateway for the VPN tunnels? I know you can't make loopback addresses on an ASA, but I was wondering if there is a different solution.
Example
interface GigabitEthernet1/1
 nameif outside
 ip address 1.1.1.1 255.255.255.0 standby 1.1.1.2
interface Loopback1
 nameif VPN
 ip address 2.2.2.1 255.255.255.255
crypto map outside_map interface VPN
Except I can't create loopbacks on an ASA.
08-14-2018 01:48 AM
Typically what happens is that you use the public IP address on the outside interface as your VPN termination point, and open that IP address for ESP and ISAKMP. Is there any particular reason why you want to terminate on a different public IP?
08-14-2018 01:54 AM
The reason is that there is a migration of firewalls. We are moving from a single firewall to a cluster. We did not have a spare IP address in the range to set as a standby address, so we changed the outside IP range to one where we had a spare IP address and routed the block that was on the firewall to the new IP address.
We want to terminate on the same IP address that was on the old firewall so we don't have to inform all the other parties of the IP change.
08-14-2018 03:22 AM