Monday, 15 February 2016

Tunneling VPN out of a secondary interface

A quick checklist of things to verify when you want a VPN tunnel to terminate on a secondary internet uplink.

In my case there were two internet uplinks - one active and another standby - being controlled by an SLA monitor / static routing.

- Ensure that ISAKMP has been enabled on the secondary interface.

- Ensure you have a static route in place to route the remote VPN subnet / traffic out of the secondary interface: route outsideSecondary 10.11.0.0 255.255.0.0 <secondary-int-default-gw>

- Ensure you have a static route in place that will route VPN traffic destined for the other side's endpoint out of the secondary interface, e.g.: route outsideSecondary 80.70.60.50 255.255.255.255 <secondary-int-default-gw>
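
The checklist above can be run as a check against a saved running-config. This is an added example, not part of the original post: it assumes Cisco ASA-style syntax (crypto isakmp/ikev1/ikev2 enable <interface> and route <interface> <dest> <mask> <gateway>), the function names are hypothetical, and the sample config and its gateway addresses are constructed. A destination only passes if its most specific covering route leaves solely via the secondary interface, so a peer reachable only through the default routes is flagged.

```python
import ipaddress
import re

# Constructed running-config excerpt (not from the post); gateways are placeholders.
SAMPLE_CONFIG = """\
crypto ikev1 enable outside
crypto ikev1 enable outsideSecondary
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1
route outsideSecondary 0.0.0.0 0.0.0.0 203.0.113.1 254
route outsideSecondary 10.11.0.0 255.255.0.0 203.0.113.1 1
"""

def parse_routes(config):
    """Return (interface, network) for every static `route` line in the config."""
    routes = []
    for line in config.splitlines():
        m = re.match(r"\s*route\s+(\S+)\s+(\S+)\s+(\S+)\s+\S+", line)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
        except ValueError:
            continue  # not a dotted-quad destination/mask pair; skip it
        routes.append((m.group(1), net))
    return routes

def ike_enabled(config, ifc):
    """True if ISAKMP/IKE is enabled on ifc (older or newer command form)."""
    pat = rf"^\s*crypto (?:isakmp|ikev1|ikev2) enable {re.escape(ifc)}(?:\s|$)"
    return re.search(pat, config, re.MULTILINE) is not None

def egress_is(routes, target, ifc):
    """True if every most-specific route covering target leaves via ifc."""
    target = ipaddress.ip_network(target, strict=False)
    covering = [(i, n) for i, n in routes if target.subnet_of(n)]
    if not covering:
        return False
    longest = max(n.prefixlen for _, n in covering)
    return {i for i, n in covering if n.prefixlen == longest} == {ifc}

def audit(config, ifc, remote_subnet, peer):
    """Check the three checklist items for a tunnel terminating on ifc."""
    routes = parse_routes(config)
    return {
        "isakmp_enabled": ike_enabled(config, ifc),
        "remote_subnet_route": egress_is(routes, remote_subnet, ifc),
        "peer_host_route": egress_is(routes, peer, ifc),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "outsideSecondary", "10.11.0.0/16", "80.70.60.50/32"))
```

The sample deliberately omits the host route to the peer, so the third check fails until that route is added.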
