02-27-2013 09:00 AM - edited 03-11-2019 06:06 PM
Hi All,
I'd just like to get your opinion on a weird setup.
I have site A and site B, which each have an ASA. I create 2 VPNs from site A to site B.
My question is: which VPN would be used for sending traffic? What would be the default behaviour of the ASA in terms of selecting which tunnel it would choose? Would it load share?
I don't want to use NAT etc.; I just want to know what would happen, for lab interest. (My ASA is on loan so I can't test it.)
I'm interested as in future I want to make VPN 1 primary and VPN2 as backup.
I look forward to your response.
02-27-2013 09:35 AM
Hi,
I don't think you can have 2 L2L VPNs between the same 2 VPN endpoints (interfaces/IP addresses).
I guess you would need a lot more than just the ASAs to create a redundant connection/routing between 2 sites while using L2L VPN.
Perhaps have
I must admit I haven't had to do even one of these setups as we connect customer networks/sites through MPLS network and dedicated connections. Might be something interesting to lab though at some point.
- Jouni
02-27-2013 11:29 AM
Hi Jouni,
Thanks for your reply. Let me tweak the question a little. What if we had 1 ASA at site A, and 2 ASAs at site B? We would then create 2 VPN tunnels:
tunnel1: Site A ASA1 to Site B ASA1
tunnel2: Site A ASA1 to Site B ASA2
So the problem is that Site A only has 1 ASA but with 2 VPN tunnels to the same subnet at Site B. How can we find out which VPN would be taken from Site A to Site B? There are 2 VPNs on the Site A ASA, so I'm just wondering which one it would take to reach site B... just a matter of interest rather than anything else.
02-27-2013 12:32 PM
So Site A ASA has a tunnel to each of Site B ASAs as peers and each peer encryption domain has the same subnet? This will depend on the order of the crypto maps you have configured because as soon as the interesting traffic is matched it will fire up that tunnel and it stops there. Is there any reason why you can't have one VPN peer as active and configure the second peer as the standby? I'm assuming you're trying to achieve some level of redundancy with 2 active VPN tunnels but I don't believe that will work with IPsec VPNs.
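The first-match behaviour described in the last reply can be checked offline against a saved configuration. The following is an added example, not part of the thread or any Cisco tooling: a small Python model that parses a simplified subset of ASA-style `access-list` and `crypto map` lines, reports which sequence entry a flow would select, and flags entries that can never match because an earlier entry already covers the same traffic. The map name, ACL names and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed ASA-style config: two crypto map entries protecting the same subnets.
SAMPLE = """\
access-list TO-B1 extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list TO-B2 extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto map OUTSIDE 20 match address TO-B2
crypto map OUTSIDE 20 set peer 198.51.100.2
crypto map OUTSIDE 10 match address TO-B1
crypto map OUTSIDE 10 set peer 198.51.100.1
"""

def parse(config):
    """Return (acls, entries): ACL name -> [(src_net, dst_net)], seq -> {acl, peers}."""
    acls, entries = {}, {}
    for line in config.splitlines():
        if m := re.match(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$", line):
            name, s, sm, d, dm = m.groups()
            pair = (ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
            acls.setdefault(name, []).append(pair)
        elif m := re.match(r"crypto map \S+ (\d+) (match address|set peer) (.+)$", line):
            entry = entries.setdefault(int(m.group(1)), {"acl": None, "peers": []})
            if m.group(2) == "match address":
                entry["acl"] = m.group(3).strip()
            else:
                entry["peers"] = m.group(3).split()
    return acls, entries

def select_entry(acls, entries, src, dst):
    """First match wins: lowest sequence number whose ACL permits the flow."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq in sorted(entries):
        for s_net, d_net in acls.get(entries[seq]["acl"], []):
            if src in s_net and dst in d_net:
                return seq, entries[seq]["peers"]
    return None

def shadowed(acls, entries):
    """Sequence numbers whose every ACL line is covered by an earlier entry."""
    seen, hidden = [], []
    for seq in sorted(entries):
        pairs = acls.get(entries[seq]["acl"], [])
        if pairs and all(any(s.subnet_of(ps) and d.subnet_of(pd) for ps, pd in seen)
                         for s, d in pairs):
            hidden.append(seq)
        seen.extend(pairs)
    return hidden
```

On the sample, `select_entry` returns entry 10 for any flow between the two subnets and `shadowed` reports entry 20, which is the situation the reply describes; a single entry whose `set peer` line lists both peer addresses has no shadowed entry.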