Jun 8, 2012

Route-based IPsec VPN on ASA

IOS (and some appliances from other vendors) has a feature called VTI (virtual tunnel interface) that can be used to setup route-based IPsec VPNs. Therefore we just need to create a static route to reach the remote networks, without update the encryption domain (proxy ACL).

ASA doesn't support tunnel interfaces, however we still can setup route-based IPsec VPNs and that is what I am going to show.