
Multiple remote access VPN IPs?

imnotorginal
Level 1

Hi all,

 

I was finding it a little difficult to search this topic, so I decided I would go to the source in hopes that I could explain it better.

 

I have a pair of Cisco ASA 5516x in HA. Currently I have an outside interface where all my remote access VPNs connect to. This outside interface has a public IP from a /28 block of IPs that we own. Is it possible to have another outside interface in addition to my current one, with a public IP from a completely separate /28 IP block?

Example: Company A has two divisions with separate network infrastructures. The only thing they share is their border switch and firewall. From there each division branches to its own core. Currently both divisions share the same VPN URL that points to a single public IP on the ASA. Can I configure another interface so that each division will have their own remote access VPN connection point? VPN.division1.com will point to the public IP assigned to interface Gi1/1, and VPN.division2.com will point to the public IP assigned to interface Gi1/2.

 

Thanks for any comments or suggestions in advance.

 

3 Replies

Hi,

The trouble you'll have with that is routing.

Consider using Multi Context and configuring each Remote Access VPN inside a dedicated context.

 

Reference here.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/200353-ASA-Multi-Context-Mode-Remote-Access-A.html

 

HTH

This was exactly what I thought would give me trouble. Thank you for taking time to give feedback.

mdnahidmomen
Level 1

Hi,
This is possible; I have done the same thing for a client on ASAv30. You do not need another context here.
You need to set a static route for the customer's different infrastructure.
Set static routes:
VPN.division1.com over G1/1
VPN.division2.com over G1/2
Also, set static routes for the local IP ranges.
For example, VPN.division1.com has A as its local IP range and VPN.division2.com has B as its local range;
then you need to set the static routes as
route A mask over VPN.division1.com
route B mask over VPN.division2.com
Regards
Nahid
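
An added example (not from any poster in this thread) that models the routing question discussed above: a simplified longest-prefix-match lookup showing which interface a reply to a remote VPN client would leave by when there are two outside interfaces. The addresses are constructed, `div1-core` and `div2-core` are hypothetical inside interface names, and a single default route via Gi1/1 is assumed; this models route selection only and does not reproduce ASA internals.

```python
import ipaddress

# Constructed routing table: (prefix, egress interface).
# Gi1/1 and Gi1/2 are the two outside interfaces from the thread.
# div1-core / div2-core are hypothetical inside interface names, and
# 10.1.0.0/16 / 10.2.0.0/16 stand in for the local ranges "A" and "B".
ROUTES = [
    ("0.0.0.0/0", "Gi1/1"),        # assumed: one default route, via Gi1/1
    ("10.1.0.0/16", "div1-core"),  # static route for range A
    ("10.2.0.0/16", "div2-core"),  # static route for range B
]


def egress(dst, routes=ROUTES):
    """Return the interface chosen by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in routes]
    matches = [(net, ifc) for net, ifc in nets if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def check_session(client_ip, arrived_on, routes=ROUTES):
    """Compare the interface a VPN client connected to with the reply's egress."""
    out = egress(client_ip, routes)
    return {
        "client": client_ip,
        "arrived_on": arrived_on,
        "reply_egress": out,
        "symmetric": out == arrived_on,
    }


if __name__ == "__main__":
    # Constructed sessions: the same internet client reaching each outside interface.
    for arrived_on in ("Gi1/1", "Gi1/2"):
        print(check_session("203.0.113.40", arrived_on))
    # A host route only fixes the path for a client whose address is known in advance.
    pinned = ROUTES + [("198.51.100.25/32", "Gi1/2")]
    print(check_session("198.51.100.25", "Gi1/2", pinned))
    # Internal ranges A and B are unaffected by which outside interface was used.
    print(egress("10.2.5.9"))
```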