07-26-2019 09:08 AM - edited 02-21-2020 09:42 PM
Hi,
I am looking to configure a site to site VPN connection between two ASA firewalls.
On one of the firewalls, I have the interface IP as 201.2.171.234, with subnet mask 255.255.255.248, this is the interface i intend to use for the VPN connection.
My question is can I use the IP 201.2.171.235 as the peer IP in the VPN configuration since this IP "201.2.171.235" falls under the same subnet of my current interface IP or do I have to use the interface IP; 201.2.171.234, since it's configured on the firewall as the interface IP address.
Thank you
07-26-2019 11:00 AM
Hi,
On the ASA you enable ikev1/ikev2 on an interface, once enabled you can only establish a VPN tunnel to the IP address of the interface ikev1/ikev2 is enabled on, not another IP address in that network.
HTH
07-27-2019 03:00 AM
Hello Bmak,
you would have to use to .234 IP as this is the IP of the interface.
Regards
Shikha Grover
PS: Please don't forget to rate and select as validated answer if this answered your question
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide