
IPSEC tunnels to failover in a Single ASA pair

wipro
Level 1

Hi,

I have 2 routers connecting our 2 branch offices; an E1 link connects from each router to 2 different offices. There is a requirement of encrypting the traffic on both links in both routers. Both routers are connected to a firewall in HO and to individual firewalls on the other side (2 different FWs on the other side). The objective is to create an IPsec tunnel via both E1s, and it should fail over automatically in case of link failures. Please guide me on how to achieve this. The destination is common on both E1s, so I guess I can pull a network object to create the interesting traffic, but I am not sure how to route the traffic keeping one link as primary and the other as backup.

Cheers~Shiva

1 Reply

Hi,

You can configure IPsec tunnels via both interfaces.

By means of routing, there's a primary connection used to transport the VPN traffic.

If this link fails, routing will choose the secondary connection to build the tunnel and pass the traffic.

If you're not using a dynamic routing protocol, you can use static routes with object-tracking to accomplish the same.

Hope it helps.


Federico.
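A sketch of the static-route-with-object-tracking approach from the reply, for the HO ASA. This is an added example, not configuration posted by anyone in the thread. The interface names (`e1-primary`, `e1-backup`), object and map names, and all addresses (RFC 5737 documentation ranges and 10.x networks) are placeholders, and it assumes the IKE policy, transform set or IPsec proposal, and a tunnel-group for each remote peer are already configured.

```cisco
! Constructed example: every name and address below is a placeholder.
! Interesting traffic: HO LAN to the common branch destination.
access-list BRANCH-VPN extended permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.0.0

! Probe the next hop on the primary E1 path with ICMP echo.
sla monitor 10
 type echo protocol ipIcmpEcho 192.0.2.1 interface e1-primary
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now

! Track object 1 is up only while the probe gets replies.
track 1 rtr 10 reachability

! Each remote firewall (VPN peer) is reached over its own E1 path.
route e1-primary 203.0.113.10 255.255.255.255 192.0.2.1 1
route e1-backup 203.0.113.20 255.255.255.255 198.51.100.1 1

! Primary route to the branch network, installed only while track 1 is up.
route e1-primary 10.20.0.0 255.255.0.0 192.0.2.1 1 track 1
! Floating backup route (higher administrative distance) used on failure.
route e1-backup 10.20.0.0 255.255.0.0 198.51.100.1 254

! One crypto map entry listing both remote firewalls as peers, in order.
crypto map BRANCH-MAP 10 match address BRANCH-VPN
crypto map BRANCH-MAP 10 set peer 203.0.113.10 203.0.113.20

! Bind the map to BOTH interfaces. The route picks the egress interface,
! so a map missing from e1-backup would let failover traffic leave in clear.
crypto map BRANCH-MAP interface e1-primary
crypto map BRANCH-MAP interface e1-backup
```

After a failover test, `show track 1`, `show route` and `show crypto ipsec sa` confirm that the backup route is installed and that the traffic on the backup link is still being encrypted.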
