02-26-2015 02:32 AM
Hi,
I have small confusion regarding the configurations and connection. As I have One ASA which is connecting to Two ISP router. now I want to make One ISP dedicated to Internet and One for site to site VPN....... By using the static routing in ASA, I can point default route to Isp1 router for Internet access however for VPN traffic what route should I Point to ISP2 router so the VPN traffic which is being use Private Ip address can be work.
Or Please suggest me if any other option can work in this Scenario ?
Thanks
02-26-2015 09:10 PM
Hello Gajendra,
You keep default-route to your primary ISP1 and for your second ISP2 you only point your remote-tunnel peer's addresses (I assume they are public addresses) and you also point to second ISP2 all remote-LANs subnets. When you point remote-LANs to second ISP (by the means of static route), it is to make sure that that remote-LANs subnets is reachable via the tunnel, so that crypto engine picks up that given traffic for encapsulation.
If you don't have the static route to remote-LANs, then you might encounter problem as such, tunnel is in up-state but there is traffic is entering into the tunnel, because most of the time, people push all private address ranges to inside the network.
Hope this answers your question.
Thanks
Rizwan Rafeek.
02-26-2015 09:10 PM
Thanks Rizwan Rafeek,
As I do have this plan in mind; however looking for the any other solutions...... like to make both link active for VPN as well as Internet.
Thanks
02-27-2015 06:51 AM
"what route should I Point to ISP2 router so the VPN traffic which is being use Private Ip address can be work."
I hope your first question was answered.
You cannot push default-route to both interfaces same time, so pushing internet bound traffic to both links is not viable and so no balancing internet bound traffic on ASA.
However you can load-balance vpn-tunnel bound traffic, since each individual tunnel can be terminated either of the internet facing interface.
Thanks
Rizwan Rafeek
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide