07-25-2012 10:36 PM - edited 03-11-2019 04:34 PM
hi
I have one asa 5510 with base licence. now we wisht to add one back up ISP for VPN failover, is this possible to configure backup ISP with this ASA 5510 and how ?
please check ASA features
Cisco Adaptive Security Appliance Software Version 8.2(2)
Device Manager Version 6.2(1)
Compiled on Mon 11-Jan-10 14:19 by builders
System image file is "disk0:/asa822-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 3 hours 35 mins
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
SSL VPN Peers : 2
Total VPN Peers : 250
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
Total UC Proxy Sessions : 2
Botnet Traffic Filter : Disabled
please help me to do this
thanks
Sreejesh S
Solved! Go to Solution.
07-25-2012 10:58 PM
Yes we can configure backup ISP on ASA.That is termed as SLA configuration.Only one link will be active at a time.This can be also used as a backup link for connecting through Remote VPN client.You need to add this secondary IP in the backup server list of VPN client
07-26-2012 09:35 AM
Hi Bro
Gourav Bathla is correct. You can use IP SLA to achieve this. Please refer to this Cisco document http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
P/S: If you think this comment is useful, please do rate them nicely :-)
07-25-2012 10:58 PM
Yes we can configure backup ISP on ASA.That is termed as SLA configuration.Only one link will be active at a time.This can be also used as a backup link for connecting through Remote VPN client.You need to add this secondary IP in the backup server list of VPN client
07-26-2012 09:35 AM
Hi Bro
Gourav Bathla is correct. You can use IP SLA to achieve this. Please refer to this Cisco document http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
P/S: If you think this comment is useful, please do rate them nicely :-)
07-25-2012 10:59 PM
Hi Sreejish,
I guess that should be possible but am not pretty sure. Hope you are planning to have 2 RA vpn for backup connectivity right.
You can name two cryptomaps and assign it accordingly naming outside and outside one. Also have the cryto isakmp also enabled for both the outside interfaces and create the VPN policies and apply it. It should work.
In your vpn client you need to configure the backup server as the secondary ip.
This way should work.
Please do rate for the helpful posts.
By
Karthik
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide