Re: ASA backup server command

yussetamayo · ‎07-02-2008

I know you can define a backup server when you are configuring a remote client on the asa and the client download the backup server's ips. the question is if you can define the same when you are configuring a site-to-site vpn????

andrew.prince · ‎07-04-2008

Yusset,

AFAIK - you cannot use this feature for l2l connections.

HTH.

yussetamayo · ‎07-04-2008

Umm so the only way i can do something like that is using L2 tunnel with dinamyc ip address??

andrew.prince · ‎07-04-2008

In my opinion if you want a failover network with VPN's the ideal way would be with a dynamic routing protocol over GRE tunnels in the VPN's. This is was I have with +100 VPN tunnels, using EIGRP, GRE tunnels and VPN's.

HTH.

a.alekseev · ‎07-04-2008

Yes, you can but with some restritions.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c5.html#wp2152979

crypto map mymap 10 set peer 10.0.0.1 10.0.0.2

yussetamayo · ‎07-04-2008

The idea is, two coming vpn from internet, ending in two diferent asa, if one of them goes down i want to set up a vpn in the other asa automatically

a.alekseev · ‎07-04-2008

with such redundancy, I mean

"crypto map mymap 10 set peer 10.0.0.1 10.0.0.2"

Ð¾nly remote ASA can initiate connection.

asa1

|____________remote_asa

|

asa2