Use both the ISP Links in ASA

raghu.jrs
Level 1

Hi

 

We have an ASA 5510 on which

Outside interface ip 1.1.1.0/29

Backup interface ip 2.2.2.0/29

inside subnet 192.168.1.0/22

 

I want to use the outside interface only for my IPsec connection (to connect to the remote office for accessing the internal hosted services), and the default route should be on the backup interface (route backup 0.0.0.0 0.0.0.0 2.2.2.2).

If I put in a NAT for the remote office subnet, will it work? Can anyone kindly help me with the configuration?

 

Remote office subnets:

10.10.1.0/24 -> public/peer Ip 3.3.3.0/29

10.10.2.0/22 -> Public/peer ip 4.4.4.0/29

 

 

4 Replies

rvarelac
Level 7

Hi

 

mymap interface outside

 

And the routing would be:

route outside 10.10.10.10 255.255.255.255 x.x.x.x

route backup 0.0.0.0 0.0.0.0 2.2.2.2

 

where x.x.x.x = next hop outside int

 

All the other traffic will be routed to the backup interface; only the VPN traffic goes out on the outside interface.

 

Please rate helpful posts!

Hope it helps

- Randy -

 

 

I had put the routes as below & configured the

route outside 3.3.3.3 255.255.255.255 1.1.1.2
route outside 4.4.4.4 255.255.255.255 1.1.1.2
route inside 192.168.1.0 255.255.252.0 172.30.1.1

route backup 0.0.0.0 0.0.0.0 2.2.2.2

where

3.3.3.3 & 4.4.4.4 -> are the public IPs of the remote offices (peer IPs)

1.1.1.2 -> is the next hop outside int

2.2.2.2 -> is the next hop backup int

10.10.1.0/24 & 10.10.2.0/24 -> are the private subnets of the remote offices

With this configuration the IPsec is not working (the tunnel is not establishing); I'm not able to reach the remote office.

If I change the default route to point to the outside interface, everything works fine.

Can you please help me with what the issue could be?

 

 

 

 

 

Hi

 

Can you run a packet-tracer to check the route the VPN traffic takes?

 

 

- Randy - 
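As an added example (not part of the original thread and not Cisco code), the route lookup that a packet-tracer run would report can be modelled offline by applying longest-prefix match to the routes posted above. It assumes the crypto map is bound to the outside interface as in the first reply, and that plain route lookup alone picks the egress interface; the function names `egress` and `check_vpn_paths` are hypothetical.

```python
import ipaddress

# Static routes exactly as posted in the thread: (interface, prefix, next hop).
ROUTES = [
    ("outside", "3.3.3.3/32", "1.1.1.2"),
    ("outside", "4.4.4.4/32", "1.1.1.2"),
    ("inside", "192.168.1.0/22", "172.30.1.1"),
    ("backup", "0.0.0.0/0", "2.2.2.2"),
]

def egress(dest, routes=ROUTES):
    """Longest-prefix match: return (interface, next_hop) for dest, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for ifname, prefix, hop in routes:
        # strict=False: the posted inside route has host bits set in the prefix.
        net = ipaddress.ip_network(prefix, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, ifname, hop)
    return (best[1], best[2]) if best else None

def check_vpn_paths(crypto_if, peers, remote_nets, routes=ROUTES):
    """Return (destination, interface) pairs that do not leave via crypto_if.

    Assumption: one probe host per remote subnet stands in for the subnet.
    """
    probes = list(peers)
    for net in remote_nets:
        network = ipaddress.ip_network(net, strict=False)
        probes.append(str(network.network_address + 1))
    problems = []
    for dest in probes:
        hit = egress(dest, routes)
        if hit is None or hit[0] != crypto_if:
            problems.append((dest, hit[0] if hit else None))
    return problems

if __name__ == "__main__":
    # Peers and remote subnets as given in the thread.
    for dest, ifname in check_vpn_paths(
            "outside", ["3.3.3.3", "4.4.4.4"],
            ["10.10.1.0/24", "10.10.2.0/24"]):
        print(f"{dest} leaves via {ifname}, not outside")
```

NAT rules, which a later reply asks about, are not modelled here, so packet-tracer on the device remains the authoritative check.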

Did you try clearing the VPN sessions?

clear crypto ikev1 isakmp

clear crypto ipsec sa

Do you have any NAT statements that are redirecting the local hosts out the backup interface?

--

Please remember to select a correct answer and rate helpful posts
