Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
272
Views
1
Helpful
1
Replies

Is there a way to fail over from ASA Multi-Context 1 to 2?

BHUMOR
Level 1
Level 1

‎09-01-2024 08:46 PM

Is there a way to fail over from ASA Multi-Context 1 to 2?

For example, the customer has only one ASA.

The Peer Device for Site-to-Site VPN connected to Multi-Context 1 is down.
In this case, can VPN service be provided by Multi-Context 2 instead?

0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎09-10-2024 02:46 AM

You cannot create an HA (active / standby) configuration between contexts on the same ASA.  Failover can be done though.  For the easiest setup I would suggest using VTI site to site VPN with BGP / dynamic routing.  Then use the local preference and AS prepend and perhaps routemaps to manipulate traffic.

If you are dead stuck on using site to site with crypto policies, then you would need to have the remote side configure both public IPs for context 1 and 2 and then manipulate traffic either using secondary peer configuration or IP SLA.

--
Please remember to select a correct answer and rate helpful posts
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card