Terminate L2L VPN on ASA logical address

fsebera · ‎06-15-2011

I currently terminate my L2L VPN sessions on the "OUTSIDE" interface via the actual IP address assigned to that interface.

Can I assign the OUTSIDE interface a second address (VIP, Logical, Virtual etc.) and then terminate my L2L VPN sessions on that second address?

If so, could you provide "some" details? PLEASE!!!!

:

ASA 5520, IOS 8.0(4)

Tks

Frank

Jennifer Halim · ‎06-16-2011

No, unfortunately you can only terminate VPN on the physical interface where the VPN connection is originated from.

There is no way to configure logical/VIP/virtual interface on ASA anyway.

Hope that answers your question.

fsebera · ‎06-17-2011

Currently, we have static mappings as

:

static (inside,ENG1) 192.168.1.2 10.10.125.201 netmask 255.255.255.255

:

The IP address assigned on the ENG1 interface is 192.168.1.1 255.255.255.240

I would consider 192.168.1.2 a VIP or logical or virtual or alias or etc.

:

Remote users traffic is routed to the (VIP) 192.168.1.2 address and not the 192.168.1.1 interface address. Traffic routed to the interface address 192.168.1.1 is dropped.

:

Do you think this static mapping setup could also be used for VPN terminations????

Thanks!!!!

Frank

Jennifer Halim · ‎06-18-2011

No, unfortunately, static NAT map can not be used to terminate the VPN.

VPN on ASA can only be terminated on the physical interface, not any virtual ip address on the ASA.