09-06-2023 01:44 AM - edited 09-06-2023 01:45 AM
Hello,
We have two data centers (HQ and DR) and our customers have two data centers (HQ and DR).
We have a requirement to create VPN tunnels from our data centers to the customer data centers
with maximum redundancy. My initial plan was to create a total of 4 tunnels as below.
Tunnel A from Local HQ --> Remote HQ
Tunnel B from Local HQ --> Remote DR
Tunnel C from Local DR --> Remote HQ
Tunnel D from Local DR --> Remote DR
The VPN firewall is Cisco ASA on all the sites (our sites and the customer sites). The issue that I am seeing
with this design is with the tunnel selection. For example, when traffic reaches the local HQ ASA, how can it choose
which tunnel to send the traffic through when the source and destinations are the same? I also have doubts about whether we can create
4 tunnels when the source and destination are the same. Please advise and suggest the best design approach for the requirement.
Thanks
Shabeeb
09-06-2023 01:51 AM
If the 4 ASAs are relatively recent, you could use VTIs and exchange routes between them; at that point it is all about setting the right BGP metrics to favor traffic flow as your design choice.
09-06-2023 02:06 AM
Hello Giovanni,
Thanks a lot for your response. The issue is that the remote entity will not be flexible enough to run BGP with us. They would prefer static routes.