Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
582
Views
0
Helpful
3
Replies

Configuring Client VPN access on multiple public interfaces

ronald.nutter
Level 1
Level 1

‎11-30-2012 11:31 AM

I am working on a configuration for a client and have run into a problem.  The customer will have two ISP's connecting to their network.

I need to be able to setup client VPN access on either ISP connection.  TAC has given me answers that I can and cant to it;

The scenario I am working on is that most of the time, any remote access will occur over ISP1.  Only if there is a failure of the ISP1 connection would the users revert to using ISP2.  I tried configuring anyconnect to operate over both connections but couldnt get it to work.  If I have the configuration set to use only a single interface on the ASA, everything works just fine over each interface when I try just ISP1 or ISP2.  If I try to enable the configurarion over both ISP connections, I cant establish a VPN connection over either connection.

Since I am using a self signed cert (at least for now), I thought that having a single cert might be causing the problem.  I created a second cert for the ISP2 connection but still ran into the problem.

Since TAC intially said that I couldnt do this with Anyconnect, I thought that if I tried Anyconnect on ISP1 and IPSEC on ISP2, that I might just be able to get to work but no joy. 

I find it hard to believe that it isnt possible to have more than one single public interface setup to handle client vpn connections.  Has anyone else tried this and been able to get it to work ?

Ron

Labels:
0 Helpful
3 Replies 3

ALIAOF_
Level 6
Level 6

‎11-30-2012 01:26 PM

I'm doing this with two ISP's but the difference is that we are using two different ASA's.  Are you able to utilize two Firewalls?  Have ISP 1 go into one and ISP 2 go into second?

0 Helpful

ronald.nutter
Level 1
Level 1
In response to ALIAOF_

‎11-30-2012 02:01 PM

I will have 2 firewalls onsite but was hoping to keep them in HA configuration (active/standby).  I am open to looking at what you mention.  Are there any tech notes you can refer me to ?

Ron

0 Helpful

ALIAOF_
Level 6
Level 6
In response to ronald.nutter

‎11-30-2012 02:14 PM

My apologies I should have clarified a bit more.  I am doing this on 2 firewalls but the firewalls are in HA configuration so we have total of 4 physical firewalls.  I'm very curious about what you are trying to do going to do some research and see if I find something. 

0 Helpful
Customers Also Viewed These Support Documents