Solved: Site to site VPN (ASA --> IOS Router, with two interfaces) Help

syedaltaf.shah · ‎01-21-2012

Dears,

i need help configuring Site to Site VPN from cisco ASA to IOS router, the Router has 2 WAN links, one primary and second backup.

there was only one link week ago, now we have installed second link as backup, we are using OSPF as routing protocol.

VPN with single link was working fine, now when the primary link fails the network is down.

Waiting for reply.

david.tran · ‎01-22-2012

This is an easy solution. On the router, you need terminate the VPN on the loopback interface.

something like this:

interface lo0

ip address x.x.x.x x.x.x.x

crypto map local-address lo0

interface wan_1

crypto map vpn

interface wan_2

crypto map vpn

One requirement is that the loopback interface must reachable by the ASA device.

View solution in original post

david.tran · ‎01-22-2012

This is an easy solution. On the router, you need terminate the VPN on the loopback interface.

something like this:

interface lo0

ip address x.x.x.x x.x.x.x

crypto map local-address lo0

interface wan_1

crypto map vpn

interface wan_2

crypto map vpn

One requirement is that the loopback interface must reachable by the ASA device.

syedaltaf.shah · ‎01-22-2012

thanks david,

i forgot to mention, yes this metho i have tried and it works but the only thing i cannot figure it out is the router inside interface.

Fa0/0
ip 172.17.17.10

fa0/1

ip 10.100.1.20

Ser0/0

Ip 192.168.100.3

this Fa0/0 is inside interface and the whole subnet /24 we want to make it interesting traffic, this interface we also use for snmp tools and monitoring and accessing device.
but this interface we cannot access, the VPN acting veired, some times we can ping and some time we cannot.

anny suggestions ???