Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
390
Views
0
Helpful
2
Replies

ASA/PIX Redundant Tunnels with Separate Interfaces and ISPs?

steve.frank
Level 1
Level 1

‎07-14-2006 01:54 PM - edited ‎02-21-2020 01:02 AM

I have an ASA5510 at location 1, and a PIX at location 2. Location #2's PIX is on a multihomed BGP routing setup, so it's primarily covered for any issues.

Location 1 has 2 internet lines but each is routed independently and thus not multihomed. Can I take the ASA5510 and define 2 interfaces, one to each ISP, and designate one as the backup? Both would talk back to the Site #2 PIX. Is it possible to apply a crypto map like this? How do I deal with default gateway routing issues?

This is rather complicated for me.

0 Helpful
2 Replies 2

grant.maynard
Level 4
Level 4

‎07-14-2006 02:21 PM

V7.2(1) has "Standby ISP Support - This feature allows you to configure a link standby ISP if the link to your primary ISP fails. It uses static routing and object tracking to determine the availability of the primary route and to activate the secondary route when the primary route fails." See the Release Notes (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_72/rel_note/pixrn72.htm#wp186075) and CLI Config Guide.

I think VPNs would drop and need to be re-established. The PIX at site#2 would need two peers IPs for the ASA configured in the crypto map

0 Helpful

steve.frank
Level 1
Level 1
In response to grant.maynard

‎07-18-2006 05:38 AM

Fantastic! I was unaware of the new feature. I will investigate.

It wouldn't surprise me either if the VPN tunnel dropped and need to be restablished. Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card