cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

523
Views
0
Helpful
1
Replies
Highlighted
Beginner

ASA5510 Dual ISP & VPN on backup

ASA5510 ios v8.4.

I've setup dual ISPs and I'm trying to get ipsec VPN client access to work on the backup interface (outside-backup). The goal is to have outbound traffic on the inside subnet NAT'd through the main interface (outside) while inbound ipsec VPN clients connect and opperate off of outside-backup.

crypto map is applied to 'interface outside-backup,' however clients are unable to connect. If I switch the default route to go through outside-backup everything starts to work again.

1 REPLY 1
Highlighted
Participant

ASA5510 Dual ISP & VPN on backup

Hello,

This is possible only for LAN-to-LAN tunnels. If you are using remote VPN clients or any other VPN such as AnyConnect it is not possible.

If this is a site to site tunnel you just need to add a route point traffic for the remote network through the outside-backup ISP.

Example:

                    ISP1----------------------------

PC --- ASA === Site to Site tunnel === ASA/Router ---- Remote VPN client  10.10.10.10

                    ISP2-----------------------------

route outside 0.0.0.0 0.0.0.0 ISP1

route backup 10.10.10.10.0 255.255.255.0 ISP2

Regards,

Juan Lombana

Please rate helpful posts.