IPSec tunnel on sub-interface on ASA 5510

mudassar.khan · ‎06-12-2012

Hello All,

I working on a security solution using ASA firewall and need some technical advice on ASA. Is it possible to setup a IPSec tunnels on each subinterface of a physical interface on ASA 5510?

I would be greatul if someone please reply post this with some details.

Regards,

Muds

Jennifer Halim · ‎06-12-2012

Yes you can, but why would you like to setup IPSec tunnels on a subinterface?

Also, pls kindly be advised that you can't have more than 1 default route configure on an ASA, so for each of the sub interface, you would need to configure static route for the remote peer, that means, you would need to have a static remote peer (dynamic remote peer won't work because you can't setup route first on the ASA), nor can remote access vpn works.

mudassar.khan · ‎06-12-2012

Hi Jennifer,

Thanks very much for your reply. I understand where you coming from, but the reason of using sub-interfaces is that, we have only one physical interface on the firewall connected to the MPLS cloud, and we need to setup a seperate IPSec tunnels for each client for security and integrity. In the current scenario, I have static peers and we can easily setup a static route to peer address.

Many thanks for your assistance, please feel free to to advise if you have any other suggestion.

Regards,

Muds

Jennifer Halim · ‎06-12-2012

Great, in that case, there is no issue at all if the remote end is static.