Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
256
Views
0
Helpful
1
Replies

ASA VTI Configuration with Single Egress Interface – Is It Possible?

thisisdisign
Level 1
Level 1

‎10-15-2025 04:30 AM

Hi everyone,

I'm trying to set up IPsec tunnels between Cisco Secure Access and an ASA device.
Based on the example in the following IOS XE guide, I  ould like to use a single egress interface on ASA to establish multiple VTI tunnels with the same peer:

Configure Network Tunnel between Cisco Secure Access and IOS XE Router Using ECMP with BGP
https://www.cisco.com/c/en/us/support/docs/security/secure-access/222485-configure-network-tunnel-between-cisco-s.html


My goal is to achieve ECMP for better redundancy and load balancing across multiple tunnels.

My question is:

  • Is it possible on ASA to configure multiple VTI tunnels using only one egress interface?
  • I assume ASA does not support multiple VTIs with the same tunnel source and destination, but if there is a workaround or configuration example, could you please share it?

Any insights or best practices would be greatly appreciated!

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎10-15-2025 06:00 AM

@thisisdisign I don't think it's possible if you have the same tunnel source and destination, either the source or destination must be different. If using ASA 9.19 or higher you can use a loopback interface as the tunnel source, thats assuming you have spare IP addresses to use?

0 Helpful
Customers Also Viewed These Support Documents