Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
810
Views
0
Helpful
2
Replies

Site to site vpn inquiry

bmak
Level 1
Level 1

‎07-26-2019 09:08 AM - edited ‎02-21-2020 09:42 PM

Hi,

I am looking to configure a site to site VPN connection between two ASA firewalls.

On one of the firewalls, I have the interface IP as 201.2.171.234, with subnet mask 255.255.255.248, this is the interface i intend to use for the VPN connection.

 

My question is can I use the IP 201.2.171.235 as the peer IP in the VPN configuration since this IP "201.2.171.235" falls under the same subnet of my current interface IP or do I have to use the interface IP; 201.2.171.234, since it's configured on the firewall as the interface IP address.

 

Thank you

 

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎07-26-2019 11:00 AM

Hi,

On the ASA you enable ikev1/ikev2 on an interface, once enabled you can only establish a VPN tunnel to the IP address of the interface ikev1/ikev2 is enabled on, not another IP address in that network.

 

HTH

0 Helpful

shgrover
Cisco Employee
Cisco Employee

‎07-27-2019 03:00 AM

Hello Bmak,

 

you would have to use to .234 IP as this is the IP of the interface.

 

Regards

Shikha Grover

PS: Please don't forget to rate and select as validated answer if this answered your question

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents