Re: failover for Site to Site VPN

raghavendra.pn · ‎11-25-2010

Hi,

I have configured ISP failover on ASA 5510 its working fine, when Primary ISP fails, Traffic is shifting to secondary ISP. On the ASA i have configured Site to Site VPN its working fine on primary ISP, Can any body suggest me when failover happens to the secondry ISP. Site to Site VPN should work on the secondry ISP.

regards,

Raghu

Federico Coto Fajardo · ‎11-25-2010

Hi,

If the ASA has two interfaces connecting to two ISPs then you can have redundancy (if one ISP fails, the other starts working).

With IP SLA you can track the connection to have the ASA fallback to the primary ISP when it recovers.

Regarding the VPN, the crypto map should be applied to the backup interface so that when the routing triggers the backup ISP, the tunnel will be establish to the backup interface on the ASA.

If it's a site-to-site, the other end of the tunnel should have the peer set to the primary connection of the ASA and have a secondary peer set to to the backup connection.

Hope it makes sense.

Federico.

raghavendra.pn · ‎11-25-2010

Hi,

Redundancy of ISP is working fine, Now i need to configure the Site to Site tunnel For secondry link,

Thanks for the Replay, Please provide me any doucment to configure the secondry peer.

Thanks & Regards,

Raghu

msingh2007 · ‎04-15-2013

Hello

How do you set this up?