Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
885
Views
0
Helpful
1
Replies

VPN Concentrator redundancy / failover

rajibchicago
Level 1
Level 1

‎11-16-2009 08:46 PM - edited ‎03-04-2019 06:44 AM

We had one VPN concentrator (3000 ip 170.48.29.xx) in our main datacenter, currently we are establishing a second data center in another city, we will have an ASA (ip 69.87.39.xx) as VPN concentrator for the 2nd data center. All our users (S2s, vpn client) now connect to the main VPN concentrator (ip 170.48.29.6), if possible I would like to use the ASA as the failover VPN concentrator, if the primary one fails, it will take over as the primary without any user (end point) configuration change. Is this possible?

Thanks for your help.

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎11-20-2009 02:32 AM

For Remote Access VPN using the IPSec VPN client I believe that it is possible to have the ASA function as the backup concentrator and for users to connect to it automatically if the primary is not available and not require any config change in the client. The IPSec client has a parameter for backup concentrator and the 3000 concentrator can be configured to push the address of the ASA as the backup to the client. I have configured this for some customers and it works quite well.

For site to site VPN I do not believe that it is possible to have the ASA function as backup without config changes. Depending on the capabilities of the device at the other end of the site to site VPN you may be able to configure a second peer address in the crypto map which would allow the device to use the ASA if the 3000 is not available. But that certainly requires a config change.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Top