
Site to Site VPN between PIX515 and ASA 5505 with dual ISP

binaghimire
Level 1

Dear all,

We have a site-to-site VPN configured between the local site with a PIX515 6.3(5) and the remote site with an ASA 5505 7.2(4). Because of a very unreliable internet connection at the remote site, we have added a new ISP link, which we want to use as a redundant link.

I understand the ASA 5505 can be configured with two ISP links using the SLA monitor method for redundancy, as per this document:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

My question is how do I set up this PIX 515 to have a redundant VPN tunnel with the remote site (when the primary ISP link fails at the remote site and the secondary ISP link takes over). I was thinking of using the PIX 515 with 2 peers in the same crypto map used for that specific site-to-site VPN tunnel; I'm not sure whether that is the right way, though. But how would I configure the ASA 5505 to use the backup interface (where the secondary ISP router connects) to participate in the site-to-site tunnel?

I hope I explained my situation well enough to understand. Help on this would be greatly appreciated.

Thanks

4 Replies

andamani
Cisco Employee

Hi,

On the PIX your crypto map entry will have two peers.

On the ASA, you will have the crypto map entry associated with the primary ASA and the same crypto map entry associated with backup link.

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

Hi Anisha,

Thanks for your reply.

So, on the ASA 5505, I would need to apply the crypto map to the backup interface (that goes to the backup ISP router) as well as isakmp enable. I understand that.

But on the PIX 515, I need crypto set peer x.x.x.x y.y.y.y (x.x.x.x being the primary ISP public IP and y.y.y.y being the secondary ISP public IP),

but I also need isakmp key ******** y.y.y.y as well, don't I?

And one more question: I have a PIX 501 as well, VPNing to this remote site, so I'm wondering whether the PIX 501 supports the crypto set peer x.x.x.x y.y.y.y command, I mean multiple peers in one crypto map?

Thanks

Yup, you will need isakmp key ******** y.y.y.y as well.

I think configuring multiple peers is supported on the PIX.

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/ipsecint.html#wp1045462

Hope this helps.

Regards,
Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
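
The point confirmed above, that every peer in the crypto map also needs its own isakmp key entry, can be checked before a failover test. The script below is an added example, not part of the original posts or of any Cisco tool; it assumes the command forms `crypto map <name> <seq> set peer <ip>` and `isakmp key <key> address <ip> [netmask <mask>]`, and the map name `vpnmap`, the addresses and the sample config are constructed.

```python
import ipaddress
import re

# Constructed PIX 6.3-style fragment (documentation addresses, masked keys).
# The backup peer 198.51.100.2 has no pre-shared key entry: the omission
# discussed in the thread above.
SAMPLE_PIX_CONFIG = """\
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address 101
crypto map vpnmap 10 set peer 203.0.113.1
crypto map vpnmap 10 set peer 198.51.100.2
crypto map vpnmap 10 set transform-set myset
crypto map vpnmap interface outside
isakmp enable outside
isakmp key ******** address 203.0.113.1 netmask 255.255.255.255
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PEER_RE = re.compile(rf"^crypto map (\S+) (\d+) set peer ((?:{IP}\s*)+)$")
KEY_RE = re.compile(rf"^isakmp key \S+ address ({IP})(?: netmask ({IP}))?")


def peers_missing_key(config_text):
    """Return sorted (map, seq, peer) tuples for peers no isakmp key covers."""
    peers, key_nets = [], []
    for line in config_text.splitlines():
        line = line.strip()
        m = PEER_RE.match(line)
        if m:
            # One peer per line or several on one line: both forms are accepted.
            for ip in m.group(3).split():
                peers.append((m.group(1), int(m.group(2)), ip))
            continue
        m = KEY_RE.match(line)
        if m:
            mask = m.group(2) or "255.255.255.255"  # no netmask: host entry
            key_nets.append(
                ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return sorted(
        p for p in peers
        if not any(ipaddress.ip_address(p[2]) in net for net in key_nets)
    )


if __name__ == "__main__":
    for name, seq, peer in peers_missing_key(SAMPLE_PIX_CONFIG):
        print(f"crypto map {name} {seq}: peer {peer} has no matching isakmp key")
```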

Thanks Anisha, I'll let you know how it goes after I test it.
