Solved

Cisco ASA multiple local peer IP addresses for L2L VPN

Posted on 2014-03-17
Last Modified: 2014-11-12
I am trying to create VPN tunnels between my ASA and the AWS environment.

I already have one tunnel up and running successfully but I now need a second tunnel from a second AWS environment to the same ASA on my side.

This seems to be a big no-no within AWS.

I can't have more than one tunnel from AWS to the same remote peer IP address.

I therefore need to set up a second peer IP address on my ASA in order to get the second AWS tunnel up and running. My ASA is currently using the IP address of the Outside interface as the peer address.

Am I able to configure my ASA with more than one public IP address to use for VPN peer connectivity and, if so, how do I go about implementing that?

TIA
Question by:ccfcfc
Accepted Solution

by:
asavener earned 500 total points
ID: 39934499
The tunnel configuration only defines the other endpoint; your local endpoint will always be the interface with the route to the far end.

You can accomplish what you're trying to do on the ASA only if you have multiple gateways/ISPs.  In that case, you could configure your routing so that one tunnel goes over one ISP (with that interface's source address), and another tunnel over the other ISP (with that interface's source address).




To accomplish this using just one ISP, you will need multiple VPN routers; fortunately, they need not be very powerful, depending on the volume of traffic.  Chances are, an 800-series router would be perfectly able to handle the traffic, and you just have to publish UDP 500 and UDP 4500 through your ASA.
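
One way to publish UDP 500 and UDP 4500 through the ASA to a separate VPN router, as the answer above describes (an added example, not part of the original thread). It assumes ASA 8.3 or later object-NAT syntax and a spare public address routed to the ASA; the interface names, object names, ACL name and all addresses are hypothetical placeholders.

```cisco
! Constructed example. All names and addresses are placeholders:
!   203.0.113.11      spare public IP routed to the ASA (not the outside interface IP)
!   192.168.10.2      internal VPN router on a hypothetical "dmz" interface
!   198.51.100.10/20  AWS tunnel endpoints for the second VPN connection

! Static PAT: forward IKE (UDP 500) on the spare public IP to the router
object network VPN-RTR-IKE
 host 192.168.10.2
 nat (dmz,outside) static 203.0.113.11 service udp 500 500

! Static PAT: forward NAT-T (UDP 4500) on the same public IP
object network VPN-RTR-NATT
 host 192.168.10.2
 nat (dmz,outside) static 203.0.113.11 service udp 4500 4500

! Only the AWS tunnel endpoints should be able to reach the published ports
object-group network AWS-TUNNEL-ENDPOINTS
 network-object host 198.51.100.10
 network-object host 198.51.100.20

! On 8.3+ the interface ACL matches the real (untranslated) router address
access-list OUTSIDE_IN extended permit udp object-group AWS-TUNNEL-ENDPOINTS host 192.168.10.2 eq 500
access-list OUTSIDE_IN extended permit udp object-group AWS-TUNNEL-ENDPOINTS host 192.168.10.2 eq 4500

! Needed only if no ACL is already applied inbound on the outside interface;
! otherwise add the two permit lines to the existing ACL instead
access-group OUTSIDE_IN in interface outside
```

The customer gateway for the second AWS VPN connection would then be defined with the spare public address rather than the ASA's outside interface address. Because the router sits behind NAT, the tunnel relies on NAT-T (ESP carried inside UDP 4500), which is why only the two UDP ports need to be published.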