Hi Ron,
Could it be that you need to ask ISP B to allow your return traffic via them? If you do a traceroute as the way the packet should return where is it getting dropped?
Revert back...
Tnx
I
Sent from my BlackBerry. wireless device
-----Original Message-----
From: ron wilkerson <ron.wilkerson_at_gmail.com>
Sender: nobody_at_groupstudy.com
Date: Thu, 23 Feb 2012 00:53:32
To: Cisco certification<ccielab_at_groupstudy.com>
Reply-To: ron wilkerson <ron.wilkerson_at_gmail.com>
Subject: Dual Internet w/ dedicated VPN Interface
Hey Guys,
Wondering if anyone out there has tried to use a dedicated interface on an
ASA for remote access VPN's.
Scenario is:
- 2 ISP's, 2 interfaces
- trying to use ISP A for remote access VPN
- use ISP B for everything else
- default route points to ISP B
I understand site to site VPN is doable as you can place static routes for
the static peer. But what about remote access?
I tried to make it work but I wasn't successful.
The VPN profile points to ISP A but the return traffic leaves out of ISP B
interface due to the default route. In the log, I saw this message:
%ASA-6-110003: Routing failed to locate next hop....
So am I trying something that isn't possible with an ASA?
I have this working on a router btw. The router terminates 2 ISP
connections. The remote access VPN terminates on F0/0 but the return path
leaves out of F0/1 and it works.
Thanks,
Ron
Blogs and organic groups at http://www.ccie.net
Received on Thu Feb 23 2012 - 06:22:24 ART
This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 11:46:56 ART