12-23-2012 08:47 AM - edited 03-11-2019 05:40 PM
Hi, all!
Several organizations want to place their equipment and servers in my datacenter. They want to use the same resource - 10.3.1.5. I want to connect their servers and VPN-gates via my CISCO ASA 5510. When there was only one organization, the ASA had the static route "10.3.1.5 via 10.200.1.2". But now this solution doesn't work. Organization1 needs to go to 10.3.1.5 via VPN-gate 10.200.1.2. Organization2 needs to go to 10.3.1.5 via 10.200.2.2. I cannot connect their servers and VPN-gates directly. I should do it via ASA 5510.
I need something like IOS PBR (more precisely - routing based on source address). Could you advise me how I can configure the scheme in the attachment on my ASA? Maybe it will be a kind of NAT?
Note: Also I need to give access to VPN-gates from other networks (NET 1 - NET n)
12-25-2012 05:06 AM
Hello Dmitriy,
I am afraid that what you are trying to accomplish is not possible with your ASA. The ASA only routes traffic based on destination IP (10.3.1.5), not by source (Organization1 and Organization2).
This is only possible on Cisco Routers.
Regards,
Juan Lombana
Please rate helpful posts.
12-25-2012 10:17 AM
If possible, you can translate 10.3.1.5 on each VPN-gate to something unique for the corresponding organization when going to the ASA (using some kind of static NAT). For example, on VPN gate1 you can translate 10.3.1.5 to 10.31.1.5, and on VPN gate2, to 10.32.1.5. On the ASA you'll just add two static routes, each pointing to the corresponding VPN-gate.
route to 10.31.1.5 via 10.200.1.2
route to 10.32.1.5 via 10.200.2.2
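The two routes from the reply above, written in ASA `route` syntax and paired with a per-organization inbound ACL so each tenant can reach only its own translated address. This is an added sketch, not configuration posted in the thread; the interface names (`vpngw1`, `vpngw2`, `org1`, `org2`), the ACL names and the organization server subnets (documentation range 192.0.2.0/24) are assumptions.

```text
! Added example. Interface names, ACL names and the 192.0.2.x subnets are
! assumed placeholders; only 10.31.1.5, 10.32.1.5, 10.200.1.2 and 10.200.2.2
! come from the thread.

! Host routes to the per-organization translated addresses, one per VPN-gate.
route vpngw1 10.31.1.5 255.255.255.255 10.200.1.2
route vpngw2 10.32.1.5 255.255.255.255 10.200.2.2

! Organization1 servers may reach only their own translated address.
access-list ORG1_IN extended permit ip 192.0.2.0 255.255.255.128 host 10.31.1.5
access-group ORG1_IN in interface org1

! Organization2 servers may reach only their own translated address.
access-list ORG2_IN extended permit ip 192.0.2.128 255.255.255.128 host 10.32.1.5
access-group ORG2_IN in interface org2

! The implicit deny at the end of each ACL blocks an organization's servers
! from the other organization's translated address and VPN-gate.
```

Each organization's servers then address the resource as 10.31.1.5 or 10.32.1.5 rather than 10.3.1.5, and the VPN-gate translates it back before forwarding.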