Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1106
Views
0
Helpful
2
Replies

ASA VTI tunnel and regular ipsec tunnel

Britto Vimalraj Anthonysamy
Level 1
Level 1

‎09-29-2018 10:23 AM - edited ‎02-21-2020 09:28 PM

hi, i have ASA and there is site to site vpn configured with SITE-A. now additional requirement , i want to create one more tunnel using VTI (GRE) also , i have to translated two of my local subnets as there is IP address conflict on the other side SITE-B.

 

Now my question is , can regular site to site VPN and GRE tunnel co-exist? 

Can i do nat translation for two subnets via VTI (GRE) tunnel? let's say 10.10.10.0/24, 10.10.20.0/24, i want to translate to 192.168.10.0/24, 192.168.20.0/24VPN and AnyConnect, VPN

 

Can anyone guide me. Thanks

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎09-29-2018 12:44 PM - edited ‎09-29-2018 01:38 PM

Hi,
ASA does not support GRE only an ipsec encapsulated VTI, more info here.

 

A Crypto Map and a VTI (ipsec encapsulated) can co-exist on an ASA.

VTI eliminates the need to use NAT exemption rules.

 

HTH

0 Helpful

Britto Vimalraj Anthonysamy
Level 1
Level 1
In response to Rob Ingram

‎09-29-2018 06:53 PM

Hi Thanks for your support.

 

So how can i do nat translation , over VTI?? is there any way?

yes crytomap and VTI can co-exist, i have a simulated this one.

so only problem , i want to do nat translation over VTI interface

0 Helpful
Customers Also Viewed These Support Documents