03-18-2016 11:13 AM - edited 03-12-2019 12:30 AM
Currently, our ASA 5512 is configured to route outbound traffic to the Internet and I need to be able to configure an additional uplink to a dedicated connection. I have been using NAT for inbound access to servers over the current uplink. Now, I need to add a second connection that will be a dedicated link to our main office. I may still need to use NAT for inbound access over the Internet uplink; but, will not need to use NAT for the dedicated connection.
Thanks,
Anthony McMillon
03-18-2016 04:55 PM
Hi Anthony,
You can use policy-based routing for routing the traffic through the other link as you do not need NAT for the dedicated connection:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.pdf
Regards,
Aditya
Please rate helpful posts.
03-19-2016 12:51 AM
I didn't really see a question in your post. What is the issue you are facing?
--
Please remember to select a correct answer and rate helpful posts
03-19-2016 05:12 AM
I just wanted some guidance on setting up the appliance to use a dedicated connection for communication to the main office as well as an Internet connection for allowing acces to remote desktops and possibly remote access for management.
03-19-2016 05:48 AM
This second connection, what type of traffic will be going over it? is it just traffic to the main office? Does the main office and remote office have different configured subnets?
--
Please remember to select a correct answer and rate helpful posts
03-19-2016 08:24 AM
Hi AMcMillon,
From my understand.
It is possible.
1. If the additional dedicate link is VPN. From the source to destination will lookup in your routing table, so it will route to main office.
2. You can apply remote vpn internet interface.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/vpn_ike.html
Best Regards,
Chhayheng
03-20-2016 08:52 AM
The VPN itself isn't an issue, but this will require static routes to work, so if there are some clients that will be accessing internet or other dynamically assigned addresses over the VPN then this will need to be taken into consideration.
--
Please remember to select a correct answer and rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide