Hi Experts.
I have an IOS router with 2x 3G Cellular interfaces. Our plan is to use 1 Cellular for user data and another Cellular for management traffic. We plan to build 2x dynamic VPNs (since the 3G links have dynamic WAN IPs) to the HQ ASA firewall.
My question is below.
How can I ensure the management traffic triggers the second VPN tunnel via Cellular 0/2/0 (2nd link) if the peer IP is the same ASA firewall outside (public) IP?
The default route is preferred via Cellular 0/1/0, so the routing to 27.124.85.128 will follow Cellular0/1/0. The problem is how I can make the second policy use the Cellular0/2/0 interface, since I can't specify the source interface. When ACL 102 matches, it triggers the policy for establishing the VPN to 27.124.85.128, and again it will use Cellular0/1/0 to build the dynamic VPN since this is the preferred egress interface.
How do I build the 2nd VPN via a different WAN interface if it points to the same peer IP?
! 27.124.85.128 is a sample IP
crypto map USER_DATA 2 ipsec-isakmp
 description Dynamic MGMT Tunnel to FW-BELM
 set peer 27.124.85.128
 set transform-set myset
 match address 101
!
crypto map MGMT_LINK 2 ipsec-isakmp
 description Dynamic MGMT Tunnel to FW-BELM
 set peer 27.124.85.128
 set transform-set myset
 match address 102
!