Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
893
Views
10
Helpful
2
Replies

IPSEC VPN Routing

Go to solution
Mokhalil82
Level 4
Level 4

‎10-08-2019 09:00 AM - edited ‎02-21-2020 09:45 PM

Hi

We have an ASA with multiple IPSEC VPNs to 3rd parties. We have now had a new public IP range presented on a new circuit which I have plugged into another interface on the ASA and configured this as Outside2. 

Now I am looking to migrate the VPNs over to the new range one by one as I don't have access to the other end and will have to get the 3rd parties involved.

 

So in terms of routing, as I reconfigure the VPN for the new range which will use the new interface, do I need a static route for the peer IP out of the new gateway, and do I also need to point the internal IPs for the encryption domain out of the new interface?

ie if the remote ip range is 10.10.10.0/24, do I need a static route for that also with the next hop of the new gateway?

 

TIA

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-08-2019 09:21 AM

Hi,
Yes you would need a more specific static route out of the new interface in order to establish a tunnel with the peer. You can either define a static route to the remote private IP network via the new interface or potentially use RRI to learn the route.

HTH

View solution in original post

Go to solution
Marius Gunnerud
VIP
VIP

‎10-08-2019 02:46 PM

You will need a static route for both the public IP and the private IP.  These can ofcourse be removed once all VPNs are moved over to the new interface and the old interface is ready to be taken down.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎10-08-2019 09:21 AM

Hi,
Yes you would need a more specific static route out of the new interface in order to establish a tunnel with the peer. You can either define a static route to the remote private IP network via the new interface or potentially use RRI to learn the route.

HTH

Go to solution
Marius Gunnerud
VIP
VIP

‎10-08-2019 02:46 PM

You will need a static route for both the public IP and the private IP.  These can ofcourse be removed once all VPNs are moved over to the new interface and the old interface is ready to be taken down.

--
Please remember to select a correct answer and rate helpful posts
Customers Also Viewed These Support Documents