ASA 5510 ASDM - routing VPN over different external interface

smithcolm · ‎09-19-2012

Hi.

I have an ASA 5510. (ASA 8.0(4) ASDM 6.1(3)

I have 2 internet connections (only 1 is currently active)

Currently all internet and VPN traffic go over 1 interface.

What I want , is to move general internet onto the new internet connection but keep VPN traffic on the old internet connection.

I can get the internet working but as soon as i do the VPNs go down.

VPNs are site to site vpns.

Is it possible to do this?

Cheers

Jennifer Halim · ‎09-19-2012

Yes it is possible to do.

You can't have 2 default routes pointing to 2 different interfaces.

What you would need to configure is default routes configured for the Internet traffic, and static route for the remote LAN subnet as well as the VPN peer address pointing towards the VPN interface.

smithcolm · ‎09-25-2012

I had already tried the route for the remote lan subnet but that didnt work.

its possible i was routing through incorrect IP.

it doesnt matter now though as old link will be decommissioned so i dont need to keep them both running simultaneously.

Jennifer Halim · ‎09-25-2012

Thanks for the update.

out of curiosity, do you also route the remote peer address via the other interface?

smithcolm · ‎09-25-2012

Not sure i understand what you're asking.

i dont do any specific routing of the remote peer, i just changed the VPN settings and i guess the routing took care of itself.