10-11-2013 02:52 AM - edited 03-11-2019 07:50 PM
Hi
I have a Cisco ASA 5515-x with IOS 9.1.
My problem is I have 6 interfaces (1 failover, 2 dmz, 1 outside, 1 inside and 1 spare) and I need to create new:
There is no budget to purchase additional interfaces at the present.
The solution I have come up with is to:
I have 2 questions:
Any help would be much appreciated.
Chris
10-11-2013 03:23 AM
Hi,
Well I don't know why the requirement is to use a different public IP address for the L2L VPN connection then this seems to be the only way (use another interface). I assume then that you have another ISP link there or from same ISP but with IP from different public subnet than your current "outside"?
If you decide to use 2 WAN links on the ASA then for the L2L VPN purpose WAN link you need to configure static "route" for the remote VPN gateway and possibly also for the remote networks behind the L2L VPN unless the ASA installs those routes automatically based on the "crypto map" configurations.
With regards to moving the configurations around it seems to me that there is no easy/automatic way to migrate these configurations.
What you can essentially do at least is
The above should be the main things to do on the ASA to migrate the configurations.
Naturally this is just a general description without taking into account everything that you might have in your environment.
- Jouni
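The routing point from the reply above, as an added ASA configuration sketch that is not part of the original thread. The interface name `outside-vpn`, the crypto map name `L2L-MAP`, the ACL name `L2L-ACL` and all addresses (RFC 5737 documentation ranges plus a private range) are constructed placeholders.

```cisco
! Added example; every name and address here is a constructed placeholder.
! Second WAN interface that will terminate the L2L VPN.
interface GigabitEthernet0/5
 nameif outside-vpn
 security-level 0
 ip address 198.51.100.2 255.255.255.248
!
! Host route: traffic to the remote VPN gateway must leave via the
! second WAN link, not follow the default route on "outside".
route outside-vpn 203.0.113.10 255.255.255.255 198.51.100.1
!
! Remote network behind the tunnel. Without a route pointing at
! outside-vpn the ASA would pick "outside" as the egress interface and
! the traffic would never match the crypto map applied below.
route outside-vpn 10.20.0.0 255.255.0.0 198.51.100.1
!
! Interesting traffic for the tunnel (local LAN to remote LAN).
access-list L2L-ACL extended permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.0.0
!
crypto map L2L-MAP 10 match address L2L-ACL
crypto map L2L-MAP 10 set peer 203.0.113.10
! Alternative to the static route for 10.20.0.0/16: reverse route
! injection installs routes for the remote side of L2L-ACL itself.
crypto map L2L-MAP 10 set reverse-route
!
! Bind the crypto map and IKE to the new interface only.
crypto map L2L-MAP interface outside-vpn
crypto ikev1 enable outside-vpn
!
! Verification after the change:
!   show route outside-vpn
!   show crypto isakmp sa
!   show crypto ipsec sa peer 203.0.113.10
```

The transform set, IKE policy and tunnel-group for the peer are left out here and still have to exist before the tunnel will come up.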
10-11-2013 11:08 AM
Hi Jouni
Thanks for such a quick response.
The reason for 2 separate public addresses is more a management decision beyond my control, so just have to go with it:-(
Thanks for the information, I was thinking it would be a manual process, but had to check just in case anyone had an easy/quick solution for the move.
My plan is to:
The process will also give me a chance to clean up the rules base too.
Chris
10-23-2013 11:50 AM
I finished the move, slightly different, but was still all manual as predicted and confirmed by Jouni:
Many thanks for your help Jouni.
Chris