[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

ASA5520 with 02 internet connection

Posted on 2010-09-20
8
Medium Priority
?
507 Views
Last Modified: 2012-05-10
Hi bro,

            route vpn 0.0.0.0 0.0.0.0 x.x.x.x 2
                                02. VPN Client---------    ASA--------------Inside Network
                                                                             |
                                                                             |
                                                   route vpn 0.0.0.0 0.0.0.0 x.x.x.x 1
                                                         01. Internet connection

I have 02 internet connections and I want the using first connection for Internet and the second connection for VPN client. I already configure the first connection connect to Internet from inside network.

The second connection if add the command route vpn 0.0.0.0 0.0.0.0 x.x.x.x 2 and do VPN Client from outside, ASA response with log bellow:
      Routing failed to locate next hop for UDP from NP Identity.

Can you please show me how to configure the ASA only answer the IPSEC VPN on the vpn interface only?

Thank you very much for you help!
0
Comment
Question by:twinq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33715443
You cant do that. You cant have two default routes active at the same time. When you do what you describe you have only one default route active, the one with lowest metric. The second one (with a "2" at the end is not active until the first one is removed or invalid.

/Kvistofta
0
 

Author Comment

by:twinq
ID: 33722034
Do you have any solution to accept connection from VPN Client while the default route still active?
0
 
LVL 14

Expert Comment

by:SIM50
ID: 33744704
I had a similar situation with two different ISP's coming into one ASA. I was able to use 2nd interface by putting static routes for each VPN client while using 1st interface for all other traffic.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:twinq
ID: 33768034
Hi SIM50,

Thanks for your reply!

But I want to use dynamic route for second interface. Because, for each vpnclient for each time connect to ASA they not using static IP (they are using ADSL connection).

I already try using static IP before post this question to this website. :D

I hope someone have solution for this case.
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 2000 total points
ID: 33768047
twinq: You cannot do that, there is no solution to this with your given input.

If you have one static default route pointing to your first ISP gateway there is no dynamic way for the ASA to learn to route traffic to vpn-clients via the secondary ISP. See my first comment on this.

/Kvistofta
0
 

Expert Comment

by:be_root
ID: 33955202
Hi, its bad design chose to use FW as ISP edge connection. In my case, im using 2 3845 as BGP ASBR  in to 2 different ISP, and i have 2 WAN modules its "Remote Access" & "VPN" on Cisco ASA 5540 support. I have 2 static routes in my different DMZ zones, that redistributed back in to my BGP AS. It you need help in this solution, I can help with all question.
WBR Antony Seqoya.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 34459635
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question