We had one VPN concentrator (3000, IP 170.48.29.xx) in our main datacenter. Currently we are establishing a second data center in another city, and we will have an ASA (IP 69.87.39.xx) as the VPN concentrator for the 2nd data center. All our users (S2S, VPN client) now connect to the main VPN concentrator (IP 184.108.40.206). If possible, I would like to use the ASA as the failover VPN concentrator: if the primary one fails, it will take over as the primary without any user (end point) configuration change. Is this possible?
For Remote Access VPN using the IPSec VPN client I believe that it is possible to have the ASA function as the backup concentrator and for users to connect to it automatically if the primary is not available and not require any config change in the client. The IPSec client has a parameter for backup concentrator and the 3000 concentrator can be configured to push the address of the ASA as the backup to the client. I have configured this for some customers and it works quite well.
For site to site VPN I do not believe that it is possible to have the ASA function as backup without config changes. Depending on the capabilities of the device at the other end of the site to site VPN you may be able to configure a second peer address in the crypto map which would allow the device to use the ASA if the 3000 is not available. But that certainly requires a config change.
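Added example, not part of the original thread: a small Python audit that reads a remote device's crypto map configuration and reports the site-to-site entries that name only one peer, which are the tunnels that would stay down if the 3000 failed. It goes slightly beyond the reply by accepting both IOS-style (`set peer` lines under an `ipsec-isakmp` entry) and ASA-style (`crypto map NAME SEQ set peer A B`) syntax; the map names and documentation-range addresses in the sample are constructed.

```python
import re

# Constructed sample config: hypothetical map names, documentation-range IPs.
SAMPLE_CONFIG = """\
crypto map BRANCH 10 ipsec-isakmp
 set peer 192.0.2.10
 set peer 198.51.100.20
 set transform-set TS
 match address 110
crypto map BRANCH 20 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set TS
 match address 120
crypto map outside_map 5 match address VPN-ACL
crypto map outside_map 5 set peer 192.0.2.10 198.51.100.20
crypto map outside_map 7 set peer 203.0.113.30
"""

IOS_HEADER = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp\b")
IOS_PEER = re.compile(r"^\s+set peer (\S+)")
ASA_PEER = re.compile(r"^crypto map (\S+) (\d+) set peer (.+)$")

def peers_by_entry(config):
    """Return {(map_name, seq): [peer, ...]} in configured (preference) order."""
    entries = {}
    current = None  # IOS entry whose indented sub-commands we are reading
    for line in config.splitlines():
        if m := IOS_HEADER.match(line):
            current = (m.group(1), int(m.group(2)))
            entries.setdefault(current, [])
        elif (m := IOS_PEER.match(line)) and current is not None:
            entries[current].append(m.group(1))
        elif m := ASA_PEER.match(line):
            key = (m.group(1), int(m.group(2)))
            entries.setdefault(key, []).extend(m.group(3).split())
            current = None
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the IOS entry
    return entries

def entries_without_backup(config):
    """List crypto map entries that name fewer than two peers."""
    return [k for k, peers in peers_by_entry(config).items() if len(peers) < 2]

if __name__ == "__main__":
    for name, seq in entries_without_backup(SAMPLE_CONFIG):
        print(f"crypto map {name} {seq}: no backup peer configured")
```
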