Solved: ASA 5510 back isp configuration

Sreejesh S · ‎07-25-2012

hi

I have one asa 5510 with base licence. now we wisht to add one back up ISP for VPN failover, is this possible to configure backup ISP with this ASA 5510 and how ?

please check ASA features

Cisco Adaptive Security Appliance Software Version 8.2(2)

Device Manager Version 6.2(1)

Compiled on Mon 11-Jan-10 14:19 by builders

System image file is "disk0:/asa822-k8.bin"

Config file at boot was "startup-config"

ciscoasa up 3 hours 35 mins

Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz

Internal ATA Compact Flash, 256MB

BIOS Flash Firmware Hub @ 0xffe00000, 1024KB

Licensed features for this platform:

Maximum Physical Interfaces : Unlimited

Maximum VLANs : 100

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

SSL VPN Peers : 2

Total VPN Peers : 250

Shared License : Disabled

AnyConnect for Mobile : Disabled

AnyConnect for Cisco VPN Phone : Disabled

AnyConnect Essentials : Disabled

Advanced Endpoint Assessment : Disabled

UC Phone Proxy Sessions : 2

Total UC Proxy Sessions : 2

Botnet Traffic Filter : Disabled

please help me to do this

thanks

Sreejesh S

gouravbathla · ‎07-25-2012

Yes we can configure backup ISP on ASA.That is termed as SLA configuration.Only one link will be active at a time.This can be also used as a backup link for connecting through Remote VPN client.You need to add this secondary IP in the backup server list of VPN client

View solution in original post

Ramraj Sivagnanam Sivajanam · ‎07-26-2012

Hi Bro

Gourav Bathla is correct. You can use IP SLA to achieve this. Please refer to this Cisco document http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam

View solution in original post

gouravbathla · ‎07-25-2012

Yes we can configure backup ISP on ASA.That is termed as SLA configuration.Only one link will be active at a time.This can be also used as a backup link for connecting through Remote VPN client.You need to add this secondary IP in the backup server list of VPN client

Ramraj Sivagnanam Sivajanam · ‎07-26-2012

Hi Bro

Gourav Bathla is correct. You can use IP SLA to achieve this. Please refer to this Cisco document http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam

nkarthikeyan · ‎07-25-2012

Hi Sreejish,

I guess that should be possible but am not pretty sure. Hope you are planning to have 2 RA vpn for backup connectivity right.

You can name two cryptomaps and assign it accordingly naming outside and outside one. Also have the cryto isakmp also enabled for both the outside interfaces and create the VPN policies and apply it. It should work.

In your vpn client you need to configure the backup server as the secondary ip.

This way should work.

Please do rate for the helpful posts.

By

Karthik