Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
525
Views
0
Helpful
2
Replies

Cisco asa or router for site to site tunnel

carl_townshend
Spotlight
Spotlight

‎05-12-2012 02:28 PM - edited ‎03-04-2019 04:20 PM

Hi all

I have a requirement to build a site to site tunnel to my head office from a remote office. My question is, should I use an asa the other end, or should I install a router with a zoned firewall and use a vti tunnel.

Can I create a vti tunnel on a router to the asa in my hq?

You cant run routing protocols over the asa site to site tunnel so I thought a router would be better.

Your thoughts please

Labels:
0 Helpful
2 Replies 2

cflory
Level 1
Level 1

‎05-12-2012 07:12 PM

You could certainly use a router to terminate the VPN tunnel.  You'll use an IPSec over GRE tunnel for your routing protocols:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800946b8.shtml

or

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml

Do you have a private circuit (MPLS, etc..), or just a local Internet circuit at the remote site?  If you have both (Internet used as backup for the MPLS), you could terminate the VPN tunnel on an ASA, and then have a primary GRE tunnel over the MPLS, and a secondary (higher cost) GRE tunnel over the backup Internet path.

HTH!

-Chris

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎05-14-2012 02:35 AM

Disclaimer

The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

I haven't worked with ASA tunnels, but site-to-site router tunnels work fine, including routing across them.  One trick to improve tunnel performance across Internet, don't use link for other than tunnel traffic so that you "know" and can manage the tunnel bandwidth.  (If site needs general Internet access, ideally, use another interface.)  Also, for an Internet tunnel, you don't need firewall features to secure the tunneling router just for site-to-site tunnels.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card