10-10-2011 05:23 AM - edited 03-11-2019 02:35 PM
Hi,
Hopeing someone can point me in the right direction, I have a ASA 5505 which is connected to a remote site which also has a ASA 5505 over a L2L VPN tunel. One of the sites has a WAN failover configured with two ISP which is working successfully.
But, when the WAN connection fails over to the backup connection the VPN link breaks as the peer site IP address has changed and the VPN can not establish a connection.
Would it be possible to configure a VPN failover so that when the connection failovers so will the VPN tunnel?
Thanks
10-10-2011 08:40 AM
John
When you use the "crypto map
crypto map
Jon
10-10-2011 09:02 AM
Hi Jon,
Would it be also be possible to specfic different interfaces in the crypto map i.e. crypto map l2lsites interface outside and crypto map l2lsites interface outside2.
As the WAN failover would switch over to outside2?
10-10-2011 12:10 PM
Yes you can apply different crypto maps to different interfaces if that is what you are asking but you would need to make sure that if you wanted the traffic to go via outside2 for failover then traffic is routed that way on the ASA.
Jon
10-11-2011 12:08 AM
Thanks,
would the ASA choose the next interface is it can't connect.
I'm looking to do something like this:
crypto ipsec transform-set esp-3des-md5 esp-3des esp-md5-hmac
crypto map l2lsites 10 match address acl-l2l-ny
crypto map l2lsites 10 set peer XXX.XXX.XXX.XXX
crypto map l2lsites 10 set transform-set esp-3des-md5
crypto map l2lsites interface outside
crypto map l2lsites interface outside_failover
crypto isakmp enable outside
crypto isakmp enable outside_failover
In which case when the internet connection fails over the VPN the ASA would know that outside is down and then its try outside_failover.
I'm right in thinking this is how it would work?
10-12-2011 06:21 AM
Also how about the tunnel group?
12-12-2011 07:02 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide