ASA VP

guanbowen
Level 1

We have two WAN links for our office ASA. Both WAN links have been NATed through other devices before reaching the ASA for VPN connections.

The following gives a basic idea of how it is connected.

 

Internal network---ASA---corporate ASA---Primary WAN---Public Internet
                                |
                                |---Border Router---Backup WAN---Public Internet

 

Currently, remote access VPN is working fine with the Primary WAN link.

I am trying to set up VPN through the Backup WAN link, but I am having some difficulties here:

1. The default route on our ASA is through the Primary WAN, so I have to static route any VPN traffic through the Backup WAN to the Border Router. I have proved that this solution works, with one problem: I need to know every single source IP address for VPN connections using the Backup WAN link, which is impossible.

2. Even if VPN works on the Backup WAN, it will only work without split tunneling; otherwise, it will get a phase 2 time exceeded error.

 

BTW, it is a 5510 and I couldn't use route-map to set next-hop for PBR.

 

Any suggestions?

Thanks

1 Reply

Florin Barhala
Level 6

I think you need a newer ASA IOS version to do PBR. What are you running right now?

Did you figure out a workaround for your scenario?
