Solved: ASA + VPN + PBR ???

MarioRules · ‎02-29-2020

Hello

I'm stuck with asa-5516 configuration hope someone will be able to help me.

ISP provides me external subnet with several IP's.
Some address are used as external IP for local subnet - NAT and it works fine.

But I need to establish 5 VPN tunnels. Every tunnel needs to be initiated from different external IP.
I tried NAT and PBR but connection is always initiated from IP assigned to outside interface.
Could you please help me with this ?

Rob Ingram · ‎02-29-2020

Why must you source traffic from a different IP address?
The only alternative I can think of is on a Cisco Router you could define multiple loopback interfaces to source traffic from.

View solution in original post

Rob Ingram · ‎02-29-2020

HI,
You can only establish a VPN tunnel to/from the IP address assigned to the ASA's physical interface. NAT will not work.

HTH

MarioRules · ‎02-29-2020

Any tips how to connect for exp 10 VPN's each from different IP ? My ASA has only 8 physical interface.

Rob Ingram · ‎02-29-2020

Why must you source traffic from a different IP address?
The only alternative I can think of is on a Cisco Router you could define multiple loopback interfaces to source traffic from.

MarioRules · ‎03-12-2020

After many tries i may confirm that there is no other solution.

I ask my IPS to provide me my subsets via routing protocol (OSPF) - waiting for implementation

Thanks for answers

Cristian Matei · ‎03-01-2020

Hi,

Use sub-interfaces, thus you actually use a single physical link; combine it with redundant interfaces or ether channel, or both to also have failover in case one physical link fails.

Regards,

Cristian Matei.