cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
815
Views
0
Helpful
5
Replies

L2L tunnel btwn two sites. Can I initiate L2L on Sub-interface?

Eric Boadu
Level 1
Level 1

Can I initiate L2L IPSec tunnel with below configuration? Or Can I use the external IP address to established (remote peer) IPSec L2L tunnel without physically assigning to the outside interface? Right now outside interface is private facing ISP. I don’t have the leverage to add router. Please let me know how and if below example configuration can meet my situation. The sub-interface IP address will be connecting to the ISP from the ASA 5520 firewall. My PPP link between the two sites is going under maintenance for long time. Thank you in advance!

Example:

interface GigabitEthernet0/0

description untrusted link

nameif outside

security-level 0

ip address 191.161.4.1 255.255.255.0 standby 191.161.4.2<<Public IP

interface GigabitEthernet0/0.5

description untrusted link

nameif outside

security-level 0

ip address 10.1.10.2 255.255.255.248 standby 10.1.10.3 << private IP to ISP core end.

Or

interface GigabitEthernet0/0

no shut

interface GigabitEthernet0/0.5

description untrusted link

encapsulation dot1Q 5

nameif outside

security-level 0

ip address 191.161.4.1 255.255.255.0 standby 191.161.4.2<<Public IP

interface GigabitEthernet0/0.10

description untrusted link

encapsulation dot1Q 10

nameif outside

security-level 0

ip address 10.1.10.2 255.255.255.248 standby 10.1.10.3 << private IP to ISP core end.

Thanks,

Eric

1 Accepted Solution