• Status: Solved

VPN problem

I have an ASA 5520 firewall. There are outside and inside ports, and I'm using private IP addresses on them. The traffic is directed to another external firewall (Firebox), which means that I have a default route that goes through outside:
#route outside 1
The problem is that I want to use one of the available ASA ports to make a VPN connection. I attached this port (2) directly to my ISP router and assigned a public IP address; then I assumed this port needs a default router/NAT/ACL added.
When I add the default route it gives me this error:

#route vpn 41.x.x.x 1
#ERROR: Cannot add route entry, conflict with existing routes

Could anybody explain to me why I'm getting this error, and whether my config is the right one for this scenario?
1 Solution
You can't have two default routes.

If these are site-to-site VPN tunnels with static IP endpoints on the remote end, you can add static host routes via the vpn interface. The remote endpoints will use the vpn interface IP address as the peer address.

If this is for remote access VPN, adding routes won't work and you'll either need to use the outside interface (with a NAT on the Firebox) or get a second ASA to be used for VPN and connect the outside of the second to the "vpn ISP".
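
The host-route approach from the answer above, sketched as an added example that is not part of the original thread. All addresses, both next hops and the crypto map name VPN_MAP are constructed placeholders, and the tunnels' crypto ACLs, transform sets and tunnel-groups are assumed to be configured already.

```cisco
! Constructed placeholders (documentation address ranges):
!   192.0.2.1      next hop toward the Firebox on the outside interface
!   198.51.100.1   ISP router next hop on the vpn interface
!   203.0.113.10   static public IP of remote site-to-site peer A
!   203.0.113.20   static public IP of remote site-to-site peer B
!   VPN_MAP        hypothetical crypto map name

! The existing default route via outside remains the only default route.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1

! Not entered: a second default route via vpn, which is what the question
! attempted and what produced the "conflict with existing routes" error.
! route vpn 0.0.0.0 0.0.0.0 198.51.100.1 1

! Instead, one /32 host route per remote peer through the vpn interface,
! so only traffic to the tunnel endpoints leaves via the ISP link.
route vpn 203.0.113.10 255.255.255.255 198.51.100.1 1
route vpn 203.0.113.20 255.255.255.255 198.51.100.1 1

! Bind the crypto map to the vpn interface so the remote ends peer with
! the vpn interface address rather than the outside address.
crypto map VPN_MAP 10 set peer 203.0.113.10
crypto map VPN_MAP 20 set peer 203.0.113.20
crypto map VPN_MAP interface vpn

! Check: only the two peer host routes should point out the vpn interface.
show route vpn
```

This works only because the peer addresses are known and static; remote access clients connect from arbitrary addresses, which is why the answer rules out host routes for that case.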
