Can I initiate an L2L IPSec tunnel with the below configuration? Or can I use the external IP address to establish the (remote peer) IPSec L2L tunnel without physically assigning it to the outside interface? Right now the outside interface is private, facing the ISP. I don’t have the leverage to add a router. Please let me know how, and if the below example configuration can meet my situation. The sub-interface IP address will be connecting to the ISP from the ASA 5520 firewall. My PPP link between the two sites is going under maintenance for a long time. Thank you in advance!
Example:

interface GigabitEthernet0/0
 description untrusted link
 nameif outside
 security-level 0
 ip address 191.161.4.1 255.255.255.0 standby 191.161.4.2 << Public IP
interface GigabitEthernet0/0.5
 description untrusted link
 nameif outside
 security-level 0
 ip address 10.1.10.2 255.255.255.248 standby 10.1.10.3 << private IP to ISP core end.

Or

interface GigabitEthernet0/0
 no shut
interface GigabitEthernet0/0.5
 description untrusted link
 encapsulation dot1Q 5
 nameif outside
 security-level 0
 ip address 191.161.4.1 255.255.255.0 standby 191.161.4.2 << Public IP
interface GigabitEthernet0/0.10
 description untrusted link
 encapsulation dot1Q 10
 nameif outside
 security-level 0
 ip address 10.1.10.2 255.255.255.248 standby 10.1.10.3 << private IP to ISP core end.

Thanks,
Eric