01-31-2017 12:33 AM
ASA version 9.5(2)14
Hello
I have two VLANs in the internal network, and I want to create a different LAN to vmnet (VPN to Azure) for each of them. Can you tell me if it's possible? (ASA 5515)
And if yes, can you please send some guidance?
Thank you
01-31-2017 05:32 AM
Hi,
Could you please elaborate on your query and also provide a small topology?
-
Pulkit
01-31-2017 07:05 AM
OK, in my internal network I have a 3850 router, and 2 switches connected to it.
The two switches are for different companies, so the one has VLAN 10 with IP, let's say, 193.168.10.0
and the other has VLAN 20 with IP, let's say, 193.10.10.0.
The one network does not communicate with the other, but the internet access for both comes from one ASA 5115.
Now I want the first company, VLAN 10, to create a LAN-to-LAN (VNet) Azure VPN,
and the same with the second, VLAN 20.
Is it possible to have 2 LAN-to-LAN VPNs?
Any help will be appreciated.
Thank you
01-31-2017 07:15 AM
Hi,
In this case you do not even need two VPNs to be configured on the 3850 side, since it is the same peer (Azure VPN).
So we need to configure one VPN, and then in the interesting traffic, or as some say the crypto ACLs, we need to call both VLANs, and the destination subnet will be the subnet behind Azure.
http://www.cisco.com/c/en/us/support/docs/routers/1700-series-modular-access-routers/71462-rtr-l2l-ipsec-split.html
Check this document. The only difference is that we have two subnets behind our router A, and instead of router B, we have Azure VPN.
-
Pulkit
01-31-2017 06:06 AM
According to MS documentation, you should be able to do 4 VNETs and 6 on-premises networks.
https://blogs.technet.microsoft.com/cloudpfe/2014/07/18/microsoft-azure-connecting-multiple-vnets-to-a-vnet/
Configuration guide for both sides for the Azure VPN is given here:
https://supportforums.cisco.com/blog/12926156/site-site-vpn-between-cisco-asa-and-microsoft-azure-virtual-network-arm
Also, a sample config on the ASA from MS is given here:
https://github.com/Azure/Azure-vpn-config-samples/blob/master/Cisco/Current/ASA/ASA_9.1_and_above_Show_running-config.txt
You would have to add multiple LANs to the network object given in this example.
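
The approach described in the two answers above (one tunnel to the Azure peer, with both VLANs in the crypto ACL and in the network object), sketched as an added ASA configuration fragment that is not from the thread or from the linked samples. The object and crypto map names, the /24 masks, the `inside`/`outside` interface names, the peer address 203.0.113.10 and the Azure VNet prefix 10.50.0.0/16 are placeholders assumed for illustration.

```cisco
! Added example. On-premises subnets are the example addresses from the
! thread; the /24 masks are assumed.
object-group network ONPREM-LANS
 network-object 193.168.10.0 255.255.255.0
 network-object 193.10.10.0 255.255.255.0
!
! Placeholder for the address space of the Azure virtual network.
object-group network AZURE-VNET
 network-object 10.50.0.0 255.255.0.0
!
! Crypto ACL (interesting traffic): both VLANs toward the Azure subnet.
! Only traffic matching this ACL is encrypted and sent to the peer.
access-list AZURE-CRYPTO extended permit ip object-group ONPREM-LANS object-group AZURE-VNET
!
! NAT exemption so tunnel traffic keeps its real source addresses.
! Assumes both VLANs reach the ASA through the interface named "inside".
nat (inside,outside) source static ONPREM-LANS ONPREM-LANS destination static AZURE-VNET AZURE-VNET no-proxy-arp route-lookup
!
! One crypto map entry, one peer. 203.0.113.10 is a placeholder for the
! public IP of the Azure VPN gateway.
crypto map OUTSIDE-MAP 10 match address AZURE-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP interface outside
!
! Not shown: the IKE policy, the IPsec transform set or proposal attached
! to the crypto map entry, and the tunnel-group with the pre-shared key.
! They are the same as for a single-subnet tunnel.
!
! Verification: expect one IPsec SA pair per on-premises subnet.
! show crypto ipsec sa peer 203.0.113.10
```

On the Azure side, both on-premises prefixes also have to be listed in the address space of the local network gateway, otherwise the SA for the missing subnet will not come up.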