Solved

ASA5520 with 02 internet connection

Posted on 2010-09-20
8
466 Views
Last Modified: 2012-05-10
Hi bro,

            route vpn 0.0.0.0 0.0.0.0 x.x.x.x 2
                                02. VPN Client---------    ASA--------------Inside Network
                                                                             |
                                                                             |
                                                   route vpn 0.0.0.0 0.0.0.0 x.x.x.x 1
                                                         01. Internet connection

I have 02 internet connections and I want the using first connection for Internet and the second connection for VPN client. I already configure the first connection connect to Internet from inside network.

The second connection if add the command route vpn 0.0.0.0 0.0.0.0 x.x.x.x 2 and do VPN Client from outside, ASA response with log bellow:
      Routing failed to locate next hop for UDP from NP Identity.

Can you please show me how to configure the ASA only answer the IPSEC VPN on the vpn interface only?

Thank you very much for you help!
0
Comment
Question by:twinq
8 Comments
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33715443
You cant do that. You cant have two default routes active at the same time. When you do what you describe you have only one default route active, the one with lowest metric. The second one (with a "2" at the end is not active until the first one is removed or invalid.

/Kvistofta
0
 

Author Comment

by:twinq
ID: 33722034
Do you have any solution to accept connection from VPN Client while the default route still active?
0
 
LVL 13

Expert Comment

by:SIM50
ID: 33744704
I had a similar situation with two different ISP's coming into one ASA. I was able to use 2nd interface by putting static routes for each VPN client while using 1st interface for all other traffic.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:twinq
ID: 33768034
Hi SIM50,

Thanks for your reply!

But I want to use dynamic route for second interface. Because, for each vpnclient for each time connect to ASA they not using static IP (they are using ADSL connection).

I already try using static IP before post this question to this website. :D

I hope someone have solution for this case.
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 33768047
twinq: You cannot do that, there is no solution to this with your given input.

If you have one static default route pointing to your first ISP gateway there is no dynamic way for the ASA to learn to route traffic to vpn-clients via the secondary ISP. See my first comment on this.

/Kvistofta
0
 

Expert Comment

by:be_root
ID: 33955202
Hi, its bad design chose to use FW as ISP edge connection. In my case, im using 2 3845 as BGP ASBR  in to 2 different ISP, and i have 2 WAN modules its "Remote Access" & "VPN" on Cisco ASA 5540 support. I have 2 static routes in my different DMZ zones, that redistributed back in to my BGP AS. It you need help in this solution, I can help with all question.
WBR Antony Seqoya.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 34459635
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now