
IPSEC tunnels to failover in a Single ASA pair

wipro
Beginner

Hi,

I have 2 routers connecting our 2 branch offices; an E1 link connects from each router to 2 different offices. There is a requirement to encrypt the traffic on both links on both routers. Both routers are connected to a firewall in the HO and to individual firewalls on the other side (2 different FWs on the other side). The objective is to create an IPsec tunnel via both E1s, and it should fail over automatically in case of link failures. Please guide me on how to achieve this. The destination is common on both E1s, so I guess I can pull a network object to create the interesting traffic, but I am not sure how to route the traffic keeping one link as primary and the other as backup.

Cheers~Shiva

1 Reply

Hi,

You can configure IPsec tunnels via both interfaces.

By means of routing, there's a primary connection used to transport the VPN traffic.

If this link fails, routing will choose the secondary connection to build the tunnel and pass the traffic.

If you're not using a dynamic routing protocol, you can use static routes with object-tracking to accomplish the same.

Hope it helps.


Federico.
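
A sketch of the static-route-with-object-tracking approach described in the reply above, for the HO ASA. This is an added example, not part of the original thread: the interface names (`primary`, `backup`), all addresses (documentation ranges), the ACL and crypto map names are assumptions, and the IKE policy, transform set and tunnel-groups are assumed to be configured already.

```cisco
! Constructed example: names and addresses are placeholders, not from the thread.
! primary = interface toward E1 #1, backup = interface toward E1 #2
! 198.51.100.10 / 198.51.100.20 = remote firewalls behind E1 #1 / E1 #2
! 10.2.0.0/16 = the common remote destination, 10.1.0.0/16 = HO LAN

! Pin each remote peer to its own link so a probe can only succeed over that link
route primary 198.51.100.10 255.255.255.255 192.0.2.1
route backup  198.51.100.20 255.255.255.255 203.0.113.1

! Probe the primary peer through the primary interface
sla monitor 10
 type echo protocol ipIcmpEcho 198.51.100.10 interface primary
 num-packets 3
 frequency 5
sla monitor schedule 10 life forever start-time now

! Track object follows the probe result
track 1 rtr 10 reachability

! Common destination: tracked route via primary, floating route via backup.
! When track 1 goes down the first route is withdrawn and the
! administrative-distance-254 route takes over.
route primary 10.2.0.0 255.255.0.0 192.0.2.1 1 track 1
route backup  10.2.0.0 255.255.0.0 203.0.113.1 254

! Same interesting traffic for both tunnels
access-list VPN-TRAFFIC extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0

! One crypto map per interface, each pointing at the peer on that link.
! (Transform set / IKE settings for entry 10 are assumed to exist already.)
crypto map MAP-PRI 10 match address VPN-TRAFFIC
crypto map MAP-PRI 10 set peer 198.51.100.10
crypto map MAP-PRI interface primary

crypto map MAP-BAK 10 match address VPN-TRAFFIC
crypto map MAP-BAK 10 set peer 198.51.100.20
crypto map MAP-BAK interface backup
```

`show track 1` and `show route` confirm which path is active; the backup tunnel is only negotiated once traffic for the remote network is routed out the `backup` interface.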
