
ASA + VPN + PBR ???

MarioRules
Level 1

Hello 

I'm stuck with an asa-5516 configuration and hope someone will be able to help me.

My ISP provides me an external subnet with several IPs.
Some addresses are used as the external IP for the local subnet (NAT), and it works fine.

But I need to establish 5 VPN tunnels. Every tunnel needs to be initiated from a different external IP.
I tried NAT and PBR, but the connection is always initiated from the IP assigned to the outside interface.
Could you please help me with this?

 

1 Accepted Solution


Why must you source traffic from a different IP address?
The only alternative I can think of is on a Cisco Router you could define multiple loopback interfaces to source traffic from.


5 Replies

Hi,
You can only establish a VPN tunnel to/from the IP address assigned to the ASA's physical interface. NAT will not work.

HTH

Any tips on how to connect, for example, 10 VPNs, each from a different IP? My ASA has only 8 physical interfaces.


After many tries I can confirm that there is no other solution.

I asked my ISP to provide me my subnets via a routing protocol (OSPF) - waiting for implementation.

Thanks for the answers.

Hi,

 

Use sub-interfaces, thus you actually use a single physical link; combine it with redundant interfaces or EtherChannel, or both, to also have failover in case one physical link fails.

 

Regards,

Cristian Matei.
