
Best Way to handle site to site VPN Redundancy

drikilbride
Level 1

Hi All

Just wondering what is the best way to handle VPN site to site redundancy?

Say for example I have Site A (main site) and Site B (remote site). If the WAN link for some reason fails on Site A, I need it so that Site B would use the WAN link of another ASA I have on a different ISP's link.

I need it so that at all times Site B has full VPN access back to the main site.

I'm using ASAs on both ends.

Thanks

1 Reply

edadios
Cisco Employee

You need to set it up as per this document:

http://www.cisco.com/en/US/customer/docs/security/asa/asa82/command/reference/c5.html#wp2238363

http://www.cisco.com/en/US/customer/docs/security/asa/asa82/configuration/guide/ike.html#wp1121157

######

To configure a backup LAN-to-LAN connection, we recommend you configure one end of the connection as originate-only using the originate-only keyword, and the end with multiple backup peers as answer-only using the answer-only keyword. On the originate-only end, use the crypto map set peer command to order the priority of the peers. The originate-only security appliance attempts to negotiate with the first peer in the list. If that peer does not respond, the adaptive security appliance works its way down the list until either a peer responds or there are no more peers in the list.

######

Regards,
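The arrangement described in the quoted documentation, sketched for the topology in the question. This is an added example, not part of the original reply and not Cisco's own configuration. It uses ASA 8.2-style syntax to match the linked guides; every name, address, subnet and key shown is a constructed placeholder (assumption), and the ISAKMP policy is assumed to be configured already.

```cisco
! ---- Site B ASA (remote site): originate-only, ordered peer list ----
! Assumed addressing: Site B LAN 10.2.0.0/24, Site A LAN 10.1.0.0/24
access-list VPN_TO_SITE_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITE_A
! Peers are tried in the order listed:
!   192.0.2.1    = Site A primary ASA (ISP 1)
!   198.51.100.1 = Site A backup ASA (ISP 2)
crypto map OUTSIDE_MAP 10 set peer 192.0.2.1 198.51.100.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 10 set connection-type originate-only
crypto map OUTSIDE_MAP interface outside
crypto isakmp enable outside
! One tunnel-group per Site A peer, each with its own key
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 pre-shared-key <KEY-FOR-PRIMARY-PLACEHOLDER>
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <KEY-FOR-BACKUP-PLACEHOLDER>

! ---- Site A ASAs (main site): answer-only ----
! Apply to BOTH Site A ASAs; 203.0.113.1 = Site B ASA outside address.
! Use the matching pre-shared key on each unit.
access-list VPN_TO_SITE_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITE_B
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 10 set connection-type answer-only
crypto map OUTSIDE_MAP interface outside
crypto isakmp enable outside
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key <KEY-PLACEHOLDER>
```

After a failover test, `show crypto isakmp sa` on the Site B ASA shows which Site A peer the tunnel is currently established with. Site A's internal routing must also send traffic for the Site B subnet to whichever ASA holds the tunnel, which this sketch assumes is handled separately.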
