03-16-2016 07:45 PM - edited 02-21-2020 08:43 PM
Hi Support Community,
I have an ASA with dual ISP (gig0/0 and gig0/1) and gig0/1 has a default route with admin distance of 254 for backup purpose.
I just created Cisco Anyconnect on the ASA using the wizard and I can connect to both interfaces.
The IPSec tunnel configuration is also there and I tried creating an IPSec VPN entry with my iPhone and I can connect to gig0/0 or gig0/1 if gig0/0 is shut down. But I can't connect to gig0/1 if gig0/0 is up.
When I run "show crypto isa sa", I get the following error:
ciscoasa# show crypto isa sa
IKEv1 SAs:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: X.X.X.X
Type : user Role : responder
Rekey : no State : AM_WAIT_MSG3
So the question is, what does this mean and why does it work if I shut gig0/0 (which is the primary interface), and also why would Cisco Anyconnect work with both interfaces up and the legacy Cisco VPN client not work?
thanks
03-16-2016 08:12 PM
Hello,
This is expected due to the way the ASA's routing table is currently designed. The ASA maintains not only a global routing table but a per-interface routing table as well.
In
In
Check this for your reference:-
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCsg39338/?reffering_site=dumpcr
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
03-17-2016 05:48 PM
Ok, had a question on how to get remote access vpn working with two ISPs (one on gig0/0 and gig0/1). Not sure if this will work since there can only be one default gateway.
03-18-2016 08:54 AM
If you mean Anyconnect by remote access VPN, then it should ideally work as stated in
Just create different pool IPs for the VPN use for different ISPs so that users can send the traffic accordingly.
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.