03-17-2017 06:32 AM - edited 02-21-2020 09:11 PM
Hello,
I have to run encryption between 6 IOS routers and an ASA. The requirement is that we need encryption as follows: Routers1-5----->Router6 and Routers1-5----->ASA and Router6----->ASA. In order to simplify things from a configuration perspective, my thought was to use dynamic L2L tunnels with Tunnel Endpoint Discovery enabled. I thought of DMVPN but the ASA kind of threw a monkey wrench into that idea. My three questions are:
1 - Can I run TED on an ASA?
2 - Do I need to run TED on the ASA in order for this to work?
3 - Is there a better way of doing this?
Thank you all in advance!
-Mike
03-18-2017 08:42 AM
The ASA does not support TED either.
You will need to build a lot of site to site VPNs.
03-29-2017 06:22 AM
Thanks for the reply, Philip. This is what I suspected. These tunnels will actually be "internal" in that they will be going across our MPLS cloud. Do you see any issue with terminating the tunnels on the internal interfaces as opposed to the external interfaces? Also, the goal here is to encrypt traffic destined for an internet range of addresses. For example: Router A internal network 192.168.1.0 needs to access internet address 3.2.2.2. IPsec configuration tells the router to run it through the tunnel which terminates on a remote head end ASA with an external facing interface to network 3.2.2.0 and an internal interface of 192.168.2.1. This ASA is behind Router B. Am I able to terminate tunnels on the internal interfaces of Router A and the ASA? Would NAT be an issue?
Internal 192.168.1.1<--RouterA-->MPLS Cloud<--Router B-->Internal 192.168.2.1<--ASA--> 3.2.2.0
Hope this makes some sense,
-Mike
03-29-2017 11:15 AM
You can terminate crypto on internal or external interfaces.