cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
363
Views
0
Helpful
3
Replies
Michael Marzol
Beginner

TED / IPSec VPN between IOS routers and an ASA

Hello,

I have to run encryption between 6 IOS routers and an ASA. The requirement is that we need encryption as follows: Routers1-5----->Router6 and Routers1-5----->ASA and Router6----->ASA. In order to simply things from a configuration perspective, my thought was to use dynamic L2L tunnels with Tunnel Endpoint Discovery enabled. I thought of DMVPN but the ASA kind of threw a monkey wrench into that idea. My three questions are:

1 - Can I run TED on an ASA?

2 - Do I need to run TED on the ASA in order for this to work?

3 - Is there a better way of doing this?

Thank you all in advance!

-Mike

1 ACCEPTED SOLUTION

Accepted Solutions

You can terminate crypto on internal or external interfaces.

View solution in original post

3 REPLIES 3
Philip D'Ath
Advisor

The ASA does not support TED either.

You will need to build a lot of site to site VPNs.

Thanks for the reply, Philip. This is what I suspected. These tunnels will actually be "internal" in that they will be going across our MPLS cloud. Do you see any issue with terminating the tunnels on the internal interfaces as opposed to the external interfaces? Also, the goal here is to encrypt traffic destined for an internet range of addresses. For example: Router A internal network 192.168.1.0 needs to access internet address 3.2.2.2. IPsec configuration tells the router to run it through the tunnel which terminates on a remote head end ASA with an external facing interface to network 3.2.2.0 and an internal interface of 192.168.2.1. This ASA is behind Router B. Am I able to terminate tunnels on the internal interfaces of Router A and the ASA? Would NAT be an issue?

Internal 192.168.1.1<--RouterA-->MPLS Cloud<--Router B-->Internal 192.168.2.1<--ASA--> 3.2.2.0

Hope this makes some sense,

-Mike

You can terminate crypto on internal or external interfaces.

View solution in original post

Content for Community-Ad