08-02-2021 01:38 PM
Hi,
I have the above setup, and the site-to-site VPN is running. The load balancer is peplink .
if in case of any link failure or for load sharing (outbound )the traffic is going through r2 to isp2.
(load balancer NAT the traffic from 1.1.1.1 to 2.2.2.2 )
My question in site to site VPN, can I send the outbound traffic to through R2
Thanks
08-02-2021 01:50 PM - edited 08-02-2021 01:51 PM
Your design is not clear, what devices is the VPN between, the FW and R2?
You can tunnel internet traffic through a VPN, the destination network needs to be "any". In your scenario a LB between VPN endpoints will not nat the encrypted traffic inside the VPN tunnel. You would have to nat on the FW or router.
08-02-2021 03:32 PM
Hi,
Hi,
I will try to clarify
FW is asa . NAT is also enabled on ASA. there is the site to site VPN is running between 1.1.1.1 and 5.5.5.5
My question can I route the outbound traffic from 1.1.1.1 to 5.5.5.5 through R2 and ISP2
The device in-between r2 AND FW will NAT 1.1.1.1 to 2.2.2.2
( Since we don't have our own public IP we are using the above-mentioned device to load share the traffic between ISP 1 and ISP 2 )
Thanks
08-03-2021 01:14 AM
Yes you can nat, assuming NAT Traversal is enabled (it is default on most devices) and the peer device at the remote site is configured to establish a tunnel with both IP addresses.
08-03-2021 09:46 AM
Hi,
Can I create a tunnel between ASA and the remote site by using the ip 2.2.2.2 and 5.5.5.5
asa Outside interface ip is 1.1.1.1
If it possible I can create another tunnel between ASA and remote through ISP2
Thanks
the ASA outside interface IP Is 1.1.1.1
08-03-2021 10:56 AM
Well the remote peer device (5.5.5.5) will have to establish a tunnel to 2.2.2.2, as you said the ASA doesn't have a public IP address. The LB will in turn will untranslate and route to the ASA on 1.1.1.1 and a tunnel established.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: