Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
615
Views
0
Helpful
3
Replies

ASA Site to Site IPSec IKev2 can I use alternate tunnel source IP Addr

Go to solution
cco@leferguson.com
Level 1
Level 1

‎07-08-2022 09:42 AM

I had a request to set up a VPN ikev2 tunnel and was setting up a vti tunnel interface and all was going well except... 

The request was to have it originate from an IP address on our outside interface that is not the default IP address.

Easy to do with NAT, but I cannot find any hooks on which to hang a tunnel source address, only the source interface. 

Am I missing the obvious, or do tunnel interfaces always have to source from the single default source interface address? 

Thanks, Linwood

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎07-08-2022 09:45 AM - edited ‎07-08-2022 09:46 AM

cco@leferguson.com you can only source a VPN tunnel from the physical interface IP address.

 

You also can only terminate a VPN tunnel on the ASA physical interface IP address.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎07-08-2022 09:45 AM - edited ‎07-08-2022 09:46 AM

cco@leferguson.com you can only source a VPN tunnel from the physical interface IP address.

 

You also can only terminate a VPN tunnel on the ASA physical interface IP address.

0 Helpful

Go to solution
cco@leferguson.com
Level 1
Level 1
In response to Rob Ingram

‎07-08-2022 09:47 AM

Well, shoot.  Thanks for the quick confirmation.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎07-08-2022 09:46 AM

Unfortunately you need to use interface as tunnel source, you can't use ip even if it reachable.

0 Helpful
Customers Also Viewed These Support Documents