There is a trick published on cisco support forums based on policy based
NAT. It may work for you if your primary traffic is of known types (I
was thinking about http and https), so you can force those to
ISP B and let the "main" default route go to ISP A.
https://supportforums.cisco.com/docs/DOC-6069
-Carlos
ron wilkerson @ 23/02/2012 02:53 -0300 dixit:
> Hey Guys,
> Wondering if anyone out there has tried to use a dedicated interface on an
> ASA for remote access VPN's.
> Scenario is:
> - 2 ISP's, 2 interfaces
> - trying to use ISP A for remote access VPN
> - use ISP B for everything else
> - default route points to ISP B
>
> I understand site to site VPN is doable as you can place static routes for
> the static peer. But what about remote access?
> I tried to make it work but I wasn't successful.
> The VPN profile points to ISP A but the return traffic leaves out of ISP B
> interface due to the default route. In the log, I saw this message:
>
> %ASA-6-110003: Routing failed to locate next hop....
>
> So am I trying something that isn't possible with an ASA?
>
> I have this working on a router btw. The router terminates 2 ISP
> connections. The remote access VPN terminates on F0/0 but the return path
> leaves out of F0/1 and it works.
>
> Thanks,
> Ron
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
-- Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina Blogs and organic groups at http://www.ccie.netReceived on Thu Feb 23 2012 - 07:36:55 ART
This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 11:46:56 ART