
Cisco ASA IPSEC VTI ECMP

csco10675262
Level 1

Hi,

I have an ASA setup with 2 IPSEC VTI tunnels to the same remote site. I'd like to check if it may be possible to perform ECMP for outgoing and incoming traffic through the VTI tunnels. The setup is a single ASA to an IOS router on 2 x IPSEC VTI tunnels for 2 different ISP links connecting to them, and I'd like to check if ECMP across the 2 tunnels is supported. BGP is established over the IPsec VTI tunnels with maximum path 2 configured.

 

Any suggestion is appreciated.

 

 


Accepted Solutions

balaji.bandi
Hall of Fame

Check this, it may help you:

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/212478-configure-asa-virtual-tunnel-interfaces.html

 

Regarding BGP, we need to know more about how you configured it. (What are you looking to do with BGP?)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


6 Replies

ASA to IOS router on 2 x IPSEC VTI tunnels for 2 different ISP links connecting to them, which I'd like to check if it's supported for ECMP for outgoing and incoming traffic through the VTI tunnels. ASA to IOS router on 2 x IPSEC VTI tunnels for 2 different ISP links connecting to them. ECMP across 2 tunnels with BGP established over the IPsec VTI tunnel with maximum path 2 configured. Any suggestions?


Hi,

Thank you for the information. Unfortunately, it doesn't provide any information on ECMP via the VTI tunnels. I have instead concluded it does not seem to be supported on ASA at least, as I was looking at the equivalent traffic zone feature but it was not supported on VTI interfaces for ASA. It appears to be supported on FTD though.

 

For the BGP, it's just for ease of administration, as there will be many IPsec tunnels/sites, and to simplify the routing instead of static entries prone to human error.

 

Once again, thank you for the help.

Yes, FTD can do what you are looking for (Cisco is moving forward towards FTD).

 

BB


Hi,

I believe the device is used for VPN only and TACACS is required as well. I think TACACS is not supported on FTD yet?

Thank you for the feedback, good to know, and it will be helpful for other community members who are looking to deploy the same.

 

BB
