Is there a way to fail over from ASA Multi-Context 1 to 2?

BHUMOR
Level 1

Is there a way to fail over from ASA Multi-Context 1 to 2?

For example, the customer has only one ASA.

The Peer Device for Site-to-Site VPN connected to Multi-Context 1 is down.
In this case, can VPN service be provided by Multi-Context 2 instead?

1 Reply

You cannot create an HA (active/standby) configuration between contexts on the same ASA. Failover can be done, though. For the easiest setup, I would suggest using VTI site-to-site VPN with BGP / dynamic routing. Then use the local preference and AS prepend, and perhaps route maps, to manipulate traffic.

If you are dead stuck on using site-to-site with crypto policies, then you would need to have the remote side configure both public IPs for context 1 and 2 and then manipulate traffic using either secondary peer configuration or IP SLA.

--
Please remember to select a correct answer and rate helpful posts