Remote VPN Access Problem

Hi to all,

We have the following scenario:

We have a single Cisco ASA 5520 with the following zones:

1. Outside (connected to ISP1 with a leased line connection)

2. VPN (connected to ISP2, with an ADSL connection)

3. Inside

The default route is to ISP1, so that the inside users access Internet services ONLY from ISP1.

The problem that we are facing is that when a remote user tries to create a VPN connection through ISP2, the connection is never established, because the default route is through ISP1 and the ASA doesn't support dual default gateways in order to direct VPN traffic back to ISP2.

We are looking for a solution similar to Policy Based Routing (which is not supported by ASA).

Is there any workaround? We are at a dead end.

Attached you can find a detailed network diagram.

Thank you all in advance.

3 Replies

Jennifer Halim
Cisco Employee

Unfortunately there is no workaround if you are using ASA with 2 different ISPs.

Only site-to-site VPN is supported through ISP2, because you know the peer address and the remote LAN subnet, hence you can configure a static route towards ISP2.

With remote access VPN, because the client can connect from anywhere on the Internet, you would need a default gateway on the ASA, so it is only supported via ISP1.

So, if I put a 2800 router between the ASA and the ADSL connection to ISP2 (which supports VPN termination), is it possible to have a solution to the previously mentioned problem?

Yes, if you put a 2800 router between the ASA and the ADSL connection, then there will be no issue at all.

On the ASA, all you have to configure is a static route for the VPN pool subnet to be routed towards the 2800 router.
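
The routing argument in this thread, as an added illustration (not code from the posters or from Cisco): a small Python model of longest-prefix-match egress selection, showing which interface the reply traffic leaves on in each case. Interface names follow the zones in the question; every address and the pool subnet are constructed assumptions.

```python
import ipaddress

def table(*entries):
    """Build a routing table of (network, egress interface) pairs."""
    return [(ipaddress.ip_network(net), ifname) for net, ifname in entries]

def egress(routes, dst):
    """Longest-prefix match: interface on which traffic to dst leaves."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

# Constructed addressing (RFC 5737 / RFC 1918 ranges), not from the thread.
DEFAULT = ("0.0.0.0/0", "outside")        # single default route, towards ISP1
INSIDE = ("192.168.1.0/24", "inside")
S2S_PEER = ("198.51.100.10/32", "vpn")    # known site-to-site peer via ISP2
VPN_POOL = ("10.99.0.0/24", "vpn")        # assumed client pool behind the 2800

ORIGINAL = table(DEFAULT, INSIDE, S2S_PEER)   # ASA terminates VPN itself
WITH_2800 = table(DEFAULT, INSIDE, VPN_POOL)  # 2800 terminates VPN on ISP2

def check(routes, arrived_on, reply_to):
    """Compare the arrival interface with the interface the reply uses."""
    out = egress(routes, reply_to)
    return {"arrived_on": arrived_on, "reply_leaves_on": out,
            "symmetric": out == arrived_on}

def scenarios():
    return {
        # Client at an unknown Internet address connects via ISP2:
        # only the default route matches, so the reply leaves via ISP1.
        "remote_access_direct": check(ORIGINAL, "vpn", "203.0.113.77"),
        # Site-to-site: peer address is known, static route points at ISP2.
        "site_to_site": check(ORIGINAL, "vpn", "198.51.100.10"),
        # 2800 in front: the ASA only sees pool addresses, which it can
        # route statically towards the 2800.
        "remote_access_via_2800": check(WITH_2800, "vpn", "10.99.0.25"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24} {result}")
    # Inside users' Internet traffic is unaffected by the pool route.
    print("internet egress:", egress(WITH_2800, "203.0.113.5"))
```
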