04-03-2013 08:19 AM
All,
I currently have an ASA5510 with 2 interfaces (outside and Inside) running remote VPN for clients and L2L VPN for a couple of sites. I have traffic entering the inside interface, matching interesting traffic, being wrapped up in IKE / IPSEC and sent out via the outside interface. All straightforward so far.
Now I have a new VPN which is required to go over another interface and not the outside. The traffic comes in to the inside interface as normal and should be matched via ACL, encrypted and sent out the new interface; however, the traffic is simply sent out of the outside interface and doesn't get any IKE headers. If I reconfigure the interface to be the outside it does at least match the ACL, wrap it up nicely in IKE and try to get to the remote peer.
My questions are why does this behaviour occur and why isn't the traffic marked interesting and sent out the new interface?
I don't have any issues creating a new VPN if I want it to go external, I just add the required information to the outside_map but I need the traffic to be encrypted and sent over another interface. I'm not a huge fan of the GUI for this but I've tried both CLI and GUI with the same results.
Regards
Kevin.
04-03-2013 08:37 AM
I would suggest sharing some more specific information.
To be honest I haven't had the need to configure VPN on a single ASA for multiple interfaces.
I would imagine that you would have to confirm that
- Jouni
04-04-2013 12:55 AM
Thanks for your reply, appreciate that. There are some suggestions I can use from the above post. I'll try hand coding this again too as most people advise not using the GUI. It's a frustrating configuration in that it encapsulates the interesting traffic if I send the traffic over the outside interface, when I choose to use another interface the traffic just goes out as an ICMP request, therefore not marking the traffic as interesting and trying phase1.
Kevin