ā04-14-2011 03:18 AM - edited ā03-11-2019 01:20 PM
Dear all ,
We have got site to site VPN configured between local site with PIX515 6.3(5) and remote site with ASA 5505 7.2(4) . Because of very unreliable internet connection in remote site , we have added new ISP link which we want to use as redundant link .
i understand ASA 5505 can be configured with two ISP link with SLA monitor method for redundancy as per this document ,
my question is how do i set up this pix 515 to have redundant VPN tunnel with remote site (when primiary ISP link fails in remote site and secondary ISP links takes over ) . I was thinking of using PIX 515 with 2 peers in same crypto map used for that sepcific site to site vpn tunnel,not sure that is the right way or not though.But how would i configure ASA 5505 to use backup interface(where secondar isp router conects ) to particitae in Site to site Tunnel .
Hope i explained my situation ok to understand ..Help on this would be greatly appreciated .
Thanks
ā04-14-2011 04:53 AM
Hi,
On the PIX your crypto map entry will have to peers.
On the ASA, you will have the crypto map entry associated with the primary ASA and the same crypto map entry associated with backup link.
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
ā04-14-2011 08:32 AM
hi anisha ,
thanks for your reply ..
so, In ASA5505 , i would need to apply crypto map to backupinterface(that goes to backup isp router) as well as isakmp enable .i understand that ...
but in pix 515 , i need to crypto set peer x.x.x.x y.y.y.y (x.x.x.x being primary ISP public ip and y.y.y.y being secondary ISP public ip) ,
but i also need isakmp key ******** y.y.y.y as well , dont I ??
and one more question i have pix 501 as well VPNing to this remote site . so I'm wondering does pix501 support crypto set peer x.x.x.x y.y.y.y command, i mean multiple peer in one crypto map ??
thanks
ā04-14-2011 08:56 AM
Yup, you will need isakmp key ******** y.y.y.y as wel.
I think configuring multiple peer is supported on the PIX.
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/ipsecint.html#wp1045462
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
ā04-15-2011 07:19 AM
Thanks Anisha , I'll let you know how it goes after i test it ..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide