cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1209
Views
0
Helpful
4
Replies

ASA 5512 Dual Homed and Failure Notification

Timohamoto
Level 1
Level 1

Hi everyone! Here is my quetions:
 - We have 4 ASA 5512, each ASA have dualhomed connection to the Internet. Each ASA have 3 tunnels to other ASA.
How to configure backup action:
1) If one ISP goes down, second links comes up and tunnel reistablished?
2) If main ISP link comes up - tunnel reistablished from main connection
3) Does It possible to send any kind of notification from ASA if any of ISP goes down. (any type of build in email client which can send email )
4) If all of that possible, does it possible to emulate in GNS3 to check how it's works

 

Screen Shot 2018-10-05 at 23.12.41.png

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

One of client have same setup, but we used syslog message to track the VPN and syslog messages to syslog(running under linux).

cron job keep checking the logs, if the log found VPN failed one, send email to user.

 

 

Personally i have not tried  below method, this thread may help you :

https://community.cisco.com/t5/firewalls/how-do-i-configure-asa-5520-to-send-snmp-trap-when-ip-sla/td-p/1913651

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji! Good solution about checking status with Cron.

So... Here is still main question
How to configure ASA for creating new VPN from backup link and get VPN back when main link is UP?

So... Here is still main question
How to configure ASA for creating new VPN from backup link and get VPN back when main link is UP?

 

As per your diagram i was in impression that you already have 2 VPN's configured working.

 

You configure same way the primary tunnel configuration only change here different ISP and remote end IP address and ACL.

 

Once both the tunnel up and running, you can use IP SLA to track the VPN links, So example ISP1 VPN Primary do down, you track with IP SLA and configure to fail over to  Secondary ISP2 VPN Link.

 

You can also configure Preempt once the primary link stable you can route back the traffic back to Primary Link  depends on your requirement.

 

below example guide for IP SLA.

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118962-configure-asa-00.html

 

Hope this what you looking for ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

You described situation perfectly! So now will try emulate that situation in GNS3 and will back with answer
Review Cisco Networking for a $25 gift card