cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
878
Views
0
Helpful
1
Replies

correct way of adding backup to site to site vpn on ASA

carl_townshend
Spotlight
Spotlight

Hi All

Can anyone tell me the correct way of adding a second peer in the ASA as a failover to an site to site vpn.

Is it a case of just adding a second peer in the crypto map?

Do we also need to add a tunnel group for each endpoint and add it to one group policy ?

cheers

1 Reply 1

Muhammad Awais Khan
Cisco Employee
Cisco Employee

Hi,

 

You have multiple options and both should work.

 

One option is to add another sequence in same crypto map with matching same ACL with different peer.

 

Other option as you specified is to add multiple peers in same statement but as per some doc it is supported with IKEv1 only

 

I believe adding second peer in different  sequence of same crypto map will give more control. It will be used only if 1st sequence number got failed.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: