Monday 15 February 2016

Tunneling VPN out of a secondary interface

Just a quick checklist of things to ensure you have done when you want to terminate a VPN tunnel on a secondary internet uplink.

In my case there were two internet uplinks - one active and another standby - being controlled by an SLA monitor / static routing.

- Ensure that ISAKMP has been enabled on the secondary interface.

- Ensure you have a static route in place to route the remote VPN subnet / traffic out of the secondary interface: route outsideSecondary <remote-vpn-subnet> <subnet-mask> <secondary-int-default-gw>

- Ensure you have a static route in place that will route VPN traffic destined for the other side's endpoint out of the secondary interface, e.g. route outsideSecondary <remote-peer-ip> 255.255.255.255 <secondary-int-default-gw>
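One way to check the three items above against a saved running configuration, as an added example that is not part of the original post. The sample configuration, its documentation-range addresses and the function names are constructed for illustration; only the interface name outsideSecondary comes from the checklist.

```python
import ipaddress
import re

# Constructed sample of "show running-config" output (documentation addresses).
SAMPLE_CONFIG = """\
crypto ikev1 enable outside
crypto ikev1 enable outsideSecondary
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1 track 1
route outsideSecondary 0.0.0.0 0.0.0.0 203.0.113.1 254
route outsideSecondary 10.20.0.0 255.255.0.0 203.0.113.1 1
route outsideSecondary 192.0.2.10 255.255.255.255 203.0.113.1 1
"""

# route <interface> <destination> <mask> <gateway> [distance]
ROUTE_RE = re.compile(r"^route (\S+) (\S+) (\S+) (\S+)(?: (\d+))?", re.M)
# IKE is enabled per interface; older ASA releases spell it "crypto isakmp enable".
IKE_RE = re.compile(r"^crypto (?:isakmp|ikev1|ikev2) enable (\S+)", re.M)


def specific_route_ifaces(config, target):
    """Interfaces that have a non-default static route covering `target`."""
    target = ipaddress.ip_network(target)
    hits = set()
    for ifname, dest, mask, _gw, _dist in ROUTE_RE.findall(config):
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        # The backup default route alone does not count as a VPN-specific route.
        if net.prefixlen > 0 and target.subnet_of(net):
            hits.add(ifname)
    return hits


def check_secondary_vpn(config, ifname, remote_subnet, peer_ip):
    """Return the checklist items that are missing for `ifname`."""
    missing = []
    if ifname not in IKE_RE.findall(config):
        missing.append("ISAKMP/IKE not enabled on interface")
    if ifname not in specific_route_ifaces(config, remote_subnet):
        missing.append("no static route for remote VPN subnet")
    if ifname not in specific_route_ifaces(config, f"{peer_ip}/32"):
        missing.append("no static route for remote peer endpoint")
    return missing


if __name__ == "__main__":
    problems = check_secondary_vpn(SAMPLE_CONFIG, "outsideSecondary",
                                   "10.20.0.0/16", "192.0.2.10")
    print("\n".join(problems) if problems else "all checks passed")
```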


