12-03-2012 05:29 AM
All,
I have a client that is using an ASA5510 and would like to make some changes.
Current config -
int 0/0 - external connection (T1) with multiple VPN site to site tunnels and VPN client tunnels
int 0/1 Internal (10 network)
Proposed config -
1. add cable internet to int 0/3
2. route default internet traffic to cable internet
3. leave VPN tunnels on T1
4. failover internet in the event of cable internet outage (using tracking)
Would one or both of these options work? If so, what is the better way to do it?
Option 1
1. add static routes for each VPN endpoint and protected network to use T1 gateway.
Option 2
2. add static routes for VPN endpoints and set default route for T1 as the tunneled interface.
If this would work, would we need to move the VPN clients config over to the cable internet? Or is there a way to have it work on the VPN as well?
Thanks
12-06-2012 12:50 PM
The suggested design will work and option 1 looks more promising; however, we need to make sure VPN clients are shifted to Cable Internet first, because in the case of VPN clients the VPN peer is not known, so to make communication possible a reverse route for the VPN client peer is needed. This reverse route will be provided by the device's default route, and in our case it is Cable Internet.
Hope this helps.
Regards,
Anuj
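Option 1 with tracked failover, sketched as an ASA configuration. This is an added example, not configuration posted by anyone in the thread. The interface names (`cable`, `t1`), the SLA and track IDs, and every address (documentation ranges) are assumptions to be replaced with real values.

```cisco
! Added example: constructed values, not taken from the thread.
! Assumed nameifs: "cable" (int 0/3) and "t1" (int 0/0).
! Assumed gateways: cable 198.51.100.1, T1 203.0.113.1.

! Probe a host that is only reachable through the cable circuit.
! 192.0.2.1 is a placeholder; pick a stable upstream address.
sla monitor 1
 type echo protocol ipIcmpEcho 192.0.2.1 interface cable
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now

! Track object goes down when the probe stops answering.
track 1 rtr 1 reachability

! Primary default route via cable, withdrawn while track 1 is down.
route cable 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1

! Backup default route via T1; the higher metric keeps it idle
! until the tracked route is removed.
route t1 0.0.0.0 0.0.0.0 203.0.113.1 254

! Option 1: pin each site-to-site peer and its protected network
! to the T1 gateway so the tunnels stay on T1.
! 192.0.2.50 = placeholder peer, 172.16.50.0/24 = placeholder remote LAN.
route t1 192.0.2.50 255.255.255.255 203.0.113.1
route t1 172.16.50.0 255.255.255.0 203.0.113.1

! VPN clients have no fixed peer address, so their return traffic
! follows the active default route. They must therefore terminate
! on the "cable" interface, as the answer above explains.
```

After applying, `show track 1` and `show route` confirm which default route is installed and that the peer routes point at T1.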
12-07-2012 05:07 AM
Thanks. That is how we ended up setting it up.