Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1553
Views
0
Helpful
1
Replies

ASA VPN Routing Overlap

anthonykahwati
Level 1
Level 1

‎09-02-2020 01:16 PM

Hi

I am setting up a site to site VPN topology and think I may run into a problem. This will be deployed on up-to-date code on ASAv50's.

A Pair of A/S ASA's will have an IPSec VPN to Vendor Site 1 and another to Vendor Site 2. The issue that I have is that a single VIP will be reachable by both VPN's on the same ASA, so I will essentially have 2 VPN's that will have the same source and same destination traffic by way of the interesting traffic. They will terminate on different end points but the traffic profiles will be the same.

Will the box even let me set this up (I don't have the environment yet otherwise I would test) and if so, how do I choose between the tunnels. Is there such a thing as primary and secondary tunnels for a given set of traffic or am I trying something impossible?

Thanks in advance

0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎09-03-2020 04:50 AM - edited ‎09-04-2020 05:27 AM

in this scenario you would need to NAT the subnet of one of the remote sites to a different IP or subnet.  For example.  If Site1 and Site 2 only need to connect to the VIP and the VIP does not need to connect to Site 1 or Site 2, then you could NAT the Site 2 subnet to a single IP and only allow that IP over that specific VPN.  

Optionally you would need to do a redesign and allocate another subnet to one of the sites.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card