Is it possible to have seconday ip address on OUTSIDE Interface of ASA 5540 8.0(4) ? I am trying to get new ip scheme for our network and I have 1200 tunnels terminating to this box.I want to gradually move them to new IP address rather than replacing the IP of OUTSIDE Interface
On the ASA, there is only ONE default gw possible.
You have to add a static route for each site-to-site vpn (public IP and branch-LAN) to use the new WAN-interface.
Is the following route correct ? ALso do I have to name it "Outside" and same security level as the existing "outside" interface
"route add outside 172.17.2.0 255.255.255.0 19.x.x.x "
where 172.17.2.0 = LAN on the other side of tunnel and
19.x.x.x =public ip of my new interface
If Outside is your new interface, here is your route statement.
route Outside 172.17.2.0 255.255.255.0
You don't want to route to your public interface, you want to route to the new interface's default route. Check out this example below for a full configuration idea.
2 interfaces: E1, E2
E1 is for all traffic but VPN
E2 is for VPN only
Default gateway for E1 is 22.214.171.124
Default gateway for E2 is 126.96.36.199
VPN peer is 188.8.131.52 255.255.255.255
VPN lan addresses 10.0.0.0 255.0.0.0
route E1 0.0.0.0 0.0.0.0 184.108.40.206
route E2 220.127.116.11 255.255.255.255 18.104.22.168
route E2 10.0.0.0 255.0.0.0 22.214.171.124