12-18-2014 06:59 AM - edited 03-11-2019 10:14 PM
I know this an "out there" question, but I have a remote office that has a sketchy internet. I have seen that my asa can handle 2 internet connections in a failover type scenario. I am trying to use a Mifi (cell internet) connection as the backup internet connection. I have need to maintain a site to site vpn using this router.
The problem is that the cell phone internet connection gives a private IP range. I have tested using the cell as the external interface. This works fine, but I am thinking I will run into problems trying to setup the site to site VPN when one side is using a private IP range.
Does anyone know if it is possible to make this work? Any help would be appreciated.
12-18-2014 08:15 AM
Yes, that can work and is not that uncommon. You have to configure your HQ-gateway in a way that connections fron unknown IPs are accepted for VPN. If the HP also is an ASA, you can use the Default L2L tunnel-group for a S2S connection, or you can use the EzVPN functionality with the 5505 as a client and your HQ ASA as the Server.
01-08-2015 08:31 AM
I was able to make it work. It automatically fails over and restarts the vpn. The only small problem is that the side with the cell phone connection has to initiate the vpn connection. It doesn't work both ways since the side that uses the cell connection has a private address. On the partner side, I had to setup a vpn to the public IP of the phone. This allows the phone side to initiate a vpn connection. So, in short, it works!
05-18-2021 07:37 AM
Can you please show me your configs ?? how you set up your default route and VPN configs please?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide