
Two VPN tunnels on same device with same protected networks

There is a remote site that wants me to set up two separate VPN tunnels with the same internal IPs at each end, e.g.:

Local Network = 10.212.170.201/32, 10.212.170.202/32

Remote Network = 192.168.0.0/24

I currently have a tunnel for the above between:

Remote End Point = 111.93.152.186

Local End Point = 198.205.115.252

They now want to set up a VPN for the same networks between:

Remote End Point = 115.115.130.34

Local End Point = 198.205.115.252

It is my understanding that the Cisco ASA 5520 cannot do this. The only way I've seen this done with Cisco hardware is to use two ASAs but there may be a way to use route costs or some other trickery to make it happen.

I am open to suggestions.

1 Accepted Solution

Philip D'Ath
VIP Alumni

Is this for a backup?

If so, specify the second remote end point as a "backup" to the peer in the first VPN. Only one will be active at a time - but it will fail over if the first VPN dies.
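
A sketch of what the accepted answer describes, added here as an illustration and not configuration posted by anyone in this thread. The crypto map name `OUTSIDE-MAP`, sequence number `10`, ACL name `VPN-REMOTE` and the key placeholder are assumptions; the addresses are the ones given in the question, and the existing transform-set and IKE policy lines are assumed to stay as they are.

```cisco
! One crypto map entry, one protected-network ACL, two peers.
! ACL name, map name and sequence number are hypothetical.
access-list VPN-REMOTE extended permit ip host 10.212.170.201 192.168.0.0 255.255.255.0
access-list VPN-REMOTE extended permit ip host 10.212.170.202 192.168.0.0 255.255.255.0

crypto map OUTSIDE-MAP 10 match address VPN-REMOTE
! Peers are tried in the order listed: the first is the primary,
! the second is the backup used when the first does not respond.
crypto map OUTSIDE-MAP 10 set peer 111.93.152.186 115.115.130.34

! Each peer address still needs its own tunnel-group so that
! either endpoint can authenticate.
tunnel-group 111.93.152.186 type ipsec-l2l
tunnel-group 111.93.152.186 ipsec-attributes
 ! Placeholder key; on 8.4 and later the keyword is "ikev1 pre-shared-key".
 pre-shared-key <PSK-PLACEHOLDER>
tunnel-group 115.115.130.34 type ipsec-l2l
tunnel-group 115.115.130.34 ipsec-attributes
 pre-shared-key <PSK-PLACEHOLDER>

! After a failover test, confirm which peer holds the active SA:
! show crypto isakmp sa
! show crypto ipsec sa peer 115.115.130.34
```

Because both peers share one crypto map entry and one ACL, there is never a second entry competing for the same protected networks, which is the conflict the question is worried about.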

Thank you for your reply.

Yes, it is for a backup. The remote site is in India (insert rude joke about Internet quality and cheap hookers) so redundant connections are important. I'll try adding the additional addresses to the relevant crypto map and see how it works.