
Concurrent site-to-site VPN tunnels through dual ISPs (with 2 couples of ASA) between same machines

sraich
Level 1

Hello,

 

I currently have a simple site-to-site VPN setup, connecting machines from site 1 to site 2 through 1 ISP, using a set of ASA 5506X. All is good.

 

I'd like to "double" that setup for redundancy:

- 2 ISPs

- 2 sets of 2 ASA

- both tunnels up at the same time

- both tunnels usable by machines on site 1 and 2 at the same time

 

I feel it's mostly a NAT issue and I'm getting a bit confused.

[Attached diagram: diagram vpn dual isp.png]

I would like to be able to "choose" the tunnel to be used by selecting a different IP address to connect to the SERVER from the PC (in ping or ssh, or any client / server application on my PC). I would essentially connect to the SAME SERVER, but depending on the IP I point to, I would use tunnel A or tunnel B.

 

At the moment I have a static route on the PC to use 10.10.10.100 to hit 192.168.10.1.

Ideally, I would:

- define another target IP for the SERVER (let's say 192.168.20.1)

- add a route on the PC to use 10.10.10.200 to get there

- add some NAT on the receiving ASA to point back to 192.168.10.1

 

Would that work? I feel I'm missing something...

Would the SERVER then be able to reply using that same tunnel?

 

I would appreciate any insight on this, thanks.

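The return-path question in the post can be traced with a small model of the two routing decisions involved. This is an added example, not part of the original post and not ASA configuration: the PC address, the site 2 inside addresses of the two ASAs, and the server's default gateway are assumptions, since the diagram is not available.

```python
# Addresses taken from the post
SERVER_REAL = "192.168.10.1"
SERVER_ALIAS = "192.168.20.1"
# PC static routes: real IP via 10.10.10.100 (tunnel A), alias via 10.10.10.200 (tunnel B)
PC_ROUTES = {SERVER_REAL: "A", SERVER_ALIAS: "B"}

# Assumptions (not in the post)
PC = "10.10.10.50"
ASA_INSIDE_SITE2 = {"A": "192.168.10.100", "B": "192.168.10.200"}
SERVER_DEFAULT_GW = "A"  # server keeps its existing gateway, the tunnel-A ASA

ON_LINK_ASA = {ip: name for name, ip in ASA_INSIDE_SITE2.items()}


def forward(dst, snat_on_b):
    """Return (tunnel, src, dst) as the packet looks when it reaches the server."""
    tunnel = PC_ROUTES[dst]
    src = PC
    if tunnel == "B":
        dst = SERVER_REAL                  # destination NAT on the receiving ASA
        if snat_on_b:
            src = ASA_INSIDE_SITE2["B"]    # optional source NAT to ASA B's inside IP
    return tunnel, src, dst


def reply_tunnel(src_seen):
    """Pick the ASA the server hands its reply to.

    A source on the server's own subnet is reached directly; anything else
    (such as the PC's real address) goes to the default gateway.
    """
    return ON_LINK_ASA.get(src_seen, SERVER_DEFAULT_GW)


def trace(dst, snat_on_b=False):
    fwd, src, _ = forward(dst, snat_on_b)
    back = reply_tunnel(src)
    return {"forward": fwd, "reply": back, "symmetric": fwd == back}


if __name__ == "__main__":
    print("real IP          ", trace(SERVER_REAL))
    print("alias, DNAT only ", trace(SERVER_ALIAS))
    print("alias, DNAT+SNAT ", trace(SERVER_ALIAS, snat_on_b=True))
```

With destination NAT alone, the reply to the alias leaves through the tunnel-A ASA, which holds no connection entry or translation for that flow. With source NAT added, the server sees every tunnel-B client as the ASA's inside address, so per-client attribution has to come from the firewall's own connection logs.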