We are using route based VPN with IKEv2 on VTI interfaces on Cisco ASA, netmask is /30. Now we are planning on to migrate to Active/Failover cluster. Is it necessary to create a standby ip on a Tunnel interface or it will work fine without it? How can it affect failover if there is no standby ip on the Tunnel interface?
Hi, Only the physical interfaces should require a standby IP address, not the tunnel interface. When failover occurs the VTI will move to the new primary ASA.
Hi, Only the physical interfaces should require a standby IP address, not the tunnel interface. When failover occurs the VTI will move to the new primary ASA.
HTH
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
