I would like to create two site-to-site VPNs, one for data and one for VoIP, between the same sites. One end is an ASA 5510 and the other is a third party firewall. Is this possible if I use different sets of IP addresses for each tunnel?
Assuming this is your topology:
Voice --------|-------- ASA ----------- Internet ----------- 3rd party ---------------------------------|- Voice
Data ---------| |- Data
Then you can build a L2L tunnel. Please remember that you can only have on Phase I tunnel or ISAKMP session between the two sites, but you can have as many Phase II or Security Associations as needed, in other words, you can pass voice and data traffic over the VPN without any issues, as long as the networks do not overlapp (otherwise NAT would be required).
Here is a link that explains how to set up a L2L, just in case:
Let me know if you have any questions.
Please rate any post you find useful.
Thanks for your reply Javier but the third party firewall cannot prioritise traffic in the VPN. It can only allocate bandwidth for the whole VPN. Hence the need for an independent VPN for voice.
Any more ideas?
It should work.
The ASA will accept the second tunnel from the 3rd party unit, I have seen it with certain Wireless VPN Routers which can only have one SA per tunnel.
My first suggestion was in case you wouldn't have a clear understanding of one tunnel and multiple SAs, but your 3rd party needs to build a second tunnel in order to apply specific QoS policies and I think the ASA will accept it without problems.
Keep me posted.