Thursday, May 10, 2018

ASA route-based VPN without tunnel IPs

I've recently been asked to build a route-based VPN using an ASA.

The other end of the VPN is a business partner who hands out a sheet with phase1/2 details all filled out. They've done this before, plenty of times.

They tell me it's a route-based (as opposed to policy-based) configuration, but didn't supply IP addressing info for the tunnel interfaces. So, I guess I have to run that VTI as unnumbered?

Now we're getting into weird territory for me. The ASA's route command doesn't allow me to specify only an interface. It requires a next-hop address.

So, what do you think? Is it possible to create an unnumbered route-based VPN on an ASA? I'm beginning to think this is actually supposed to be a policy-based VPN.


