
ASA 5510 (2 outside interfaces for ISP & VPN Failover) Is it possible

joe90kane
Level 1

Hi,

I have 2 ASA 5510's in A/P failover using the Management port.

I have failover set up for ISP failover

Int 0/0 (Outside) Primary

Int 0/1 (Inside)

Int 0/2 (Backup_DSL) Backup

Failover is working perfectly: if Int 0/0 goes down, Int 0/2 comes up and I can access the internet, but for some reason I am unable to bring up a VPN on Int 0/2. Is it disabled by design on the 5510 (IOS 7.2)?

Tested for 4 hours with all possible options and can conclude there is some block on the interface stopping VPNs coming up.

Can anyone confirm???

Thanks, Joe

3 Replies

smitty6504
Level 1

Do you have a secondary address set up in your VPN endpoints that tells it to use Int0/2 as a backup VPN connection, and do you have the firewall open for the VPN ports?

Yes, we are using 1841s for each site - we can see the VPNs dropping and trying to come up on the backup interface - but on the ASA ((NOTHING)): no messages & no phase 1.

If I put my backup in Int 0/0 and change IP addresses the VPNs come up perfect - which leads me to believe it's the actual physical int 0/2, but I could be wrong here??? Any ideas

I would start by posting your config. It sounds like the firewall is not permitting the connection, but you should be able to see that in the debugging log. Can you ping the backup interface when it's in Int0/2 from the 1841s? To me it doesn't sound like an interface issue; it sounds like a firewall or ACL issue. Make sure you have the following ports/protocols open or your ACL is written like this:

access-list 100 permit udp any host x.x.x.x eq isakmp

access-list 100 permit udp any host x.x.x.x eq non500-isakmp

access-list 100 permit esp any host x.x.x.x

access-list 100 permit ahp any host x.x.x.x

access-list 100 permit gre any host x.x.x.x

x.x.x.x is going to be your Int0/2 outside IP.
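
The checklist in the reply above as a small offline check (an added example, not part of the thread and not a Cisco tool): it parses `access-list` lines in the form shown in the reply and reports which of the five permits are missing for a given interface address. The sample config, the 192.0.2.10 and 198.51.100.7 addresses, and the function names are constructed for illustration.

```python
import re

# Port keywords used in the reply's ACL, mapped to their UDP port numbers.
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}

# Entries the reply lists for the backup interface address:
# (protocol, destination port), with None for protocols that have no port.
REQUIRED = {("udp", 500), ("udp", 4500), ("esp", None), ("ahp", None), ("gre", None)}

ACL_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+(?:extended\s+)?permit\s+(?P<proto>\S+)\s+any\s+"
    r"host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

def permitted(config, acl, dst):
    """Return the (proto, port) pairs that `acl` permits from any source to host `dst`.

    Only 'permit ... any host <dst>' lines are read; deny lines and rule
    ordering are not modelled.
    """
    found = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m["acl"] != acl or m["dst"] != dst:
            continue
        port = m["port"]
        if port is not None:
            # Accept either the keyword (isakmp) or the number (500).
            port = PORT_NAMES.get(port, int(port) if port.isdigit() else port)
        found.add((m["proto"].lower(), port))
    return found

def missing_vpn_permits(config, acl, dst):
    """Return the required entries absent from the ACL, sorted for stable output."""
    gaps = REQUIRED - permitted(config, acl, dst)
    return sorted(gaps, key=lambda e: (e[0], e[1] or 0))

# Constructed sample: the backup address 192.0.2.10 lacks NAT-T (udp/4500) and GRE.
SAMPLE = """\
access-list 100 permit udp any host 192.0.2.10 eq isakmp
access-list 100 permit esp any host 192.0.2.10
access-list 100 permit ahp any host 192.0.2.10
access-list 100 permit udp any host 198.51.100.7 eq non500-isakmp
access-list 100 permit gre any host 198.51.100.7
"""

if __name__ == "__main__":
    for proto, port in missing_vpn_permits(SAMPLE, "100", "192.0.2.10"):
        print("missing:", proto, port if port is not None else "")
```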
