Re: Creating Two VPN Connections Over Different Public IP

rebazsalih · ‎08-19-2020

Hello

My ISP gave me /28 Public IP, what I want to do is creating 4 site to site VPN connections with 4 remote sites

My question is How I can use one IP per each VPN connection instead of using the same IP address

Or How can I create multiple outside interfaces within the same subnet to use one outside interface per each VPN connection

Thanks

Regards

Rob Ingram · ‎08-19-2020

You don't say what hardware you have (FTD, ASA or IOS router)

If IOS router, you could define 4 loopback interfaces and assign each loopback as the tunnel source.
If ASA/FTD you could try to define 4 outside interfaces. For the first interface define a default route (0.0.0.0/0.0.0.0), for the other 3 interfaces default a specific static route for the other VPN peer's IP address.

Why bother though, just establish a VPN tunnel to the same IP address, which is assigned to the outside interface.

HTH

rebazsalih · ‎08-20-2020

I am using FTD

but how can I assign tow different IP within the same subnet to 2 different outside interfaces, when I assign another public IP to another interface below message will appear.

IP Address overlaps or duplicate, interface also has the Same Subnet

Rob Ingram · ‎08-20-2020

Good point, there is you answer.
So why do you need to do this? It offers no benefit

rebazsalih · ‎08-20-2020

This is the scenario requested by management.

Rob Ingram · ‎08-20-2020

You cannot assign 4 IP addresses to the same interface.
As you are using 4 IP addresses from within the same network, this overlaps, so you cannot use 4 seperate interfaces.
You have to terminate a VPN on a physical interface (on FTD/ASA), so you cannot NAT either.

Tell management this is not possible.