Hello,
I currently have a simple site-to-site VPN setup, connecting machines from site 1 to site 2 through 1 ISP, using a set of ASA 5506X. All is good.
I'd like to "double" that setup for redundancy:
- 2 ISPs
- 2 sets of 2 ASA
- both tunnels up at the same time
- both tunnels usable by machines on site 1 and 2 at the same time
I feel it's mostly a NAT issue and I'm getting a bit confused.
I would like to be able to "choose" the tunnel to be used by selecting a different IP address to connect to the SERVER from the PC (in ping or ssh, or any client / server application on my PC). I would essentially connect to the SAME SERVER, but depending on the IP I point to, I would use tunnel A or tunnel B.
At the moment I have a static route on the PC to use 10.10.10.100 to hit 192.168.10.1.
Ideally, I would:
- define another target IP for the SERVER (let's say 192.168.20.1)
- add a route on the PC to use 10.10.10.200 to get there
- add some NAT on the receiving ASA to point back to 192.168.10.1
Would that work? I feel I'm missing something...
Would the SERVER then be able to reply using that same tunnel?
I would appreciate any insight on this, thanks.