ASA with Dual ISP One Static for VPN and one Dynamic for the rest
I need some help for a ASA Config.
i have a ASA 5510 with 8.4.4
Two outside Interfaces call outside-vpn (static IP Address) an outside-DSL (dynamic IP Address).
One Inside Interface call inside :-)
I have a default route for outside-dsl for the www traffic.
i have a vpn site to site tunnel to a outside office. There is a static route to the peer (300.300.300.300) in the outside
office over "outside-vpn". That works fine.
Now my problem...
I have some Remote Access Clients with Cisco VPN-Clients. They connect it to the static IP Address from the outside-VPN interface.
That`s not work. The log tell me "Routing failed to locate next hop...."
The remote access clients get their dynamic IP from the local ISP`s.
Can anybody help me!!!!!What can i do???
The ASA Routing Table
Gateway of last resort is 10.10.10.1 to network 0.0.0.0
C 600.600.600.0 255.255.255.248 is directly connected, outside-VPN C 10.10.10.0 255.255.255.0 is directly connected, outside-DSL S 300.300.300.300 255.255.255.252 [1/0] via 600.600.600.1, outside-VPN S* 0.0.0.0 0.0.0.0 [1/0] via 10.10.10.1, outside-DSL
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 188.8.131.52Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 184.108.40.206R1(config-ikev2-keyring-pee...
This document shows how to use the Port Radius NAS PORT Id Attribute in a compound condition to control access with 802.1X.A user jdoe is allowed to access the network only through the physical port FastEthernet 0/1 of the switch and the user jwhite is al...
This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv...
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated...