Failover VPN between Cisco ASA5505 & 2 x Cisco IOS routers
I have an issue where we have a single ASA5505 [soon to be active/standby with single ISP] connecting to HQ where there are 2 x Cisco 2821's. Each 2821 router has it's own connection to the internet running BGP and each router is setup to terminate IPSEC VPN's from the ASA. The ASA has a backup VPN configuration with no IP SLA configuration to track if the Primary IPSEC endpoint is alive. Keep alives are set and the VPN does failover to the backup.
When the primary 2821 internet connection fails the ASA fails over to the backup 2821 and everything works a dream. However when the primary internet link re establishes to the primary 2821 the ASA does not fail back to the primary 2821 it stays on the backup 2821 and all is broken as the remote site starts forwarding traffic out the BGP default route - which is back via the primary connection...
How do I fix this so that the ASA tracks the IP of the primary router to failback without manual intervention - clearing isakmp and ipsec sa's?
The other issue is the ASA does not allow traffic to be orignated from the 2821 end of the VPN. You have to establish traffic from behind the ASA for the IPSEC sa to be created.
Inviting all Security & Networking professionals! We want you to tell us what devices you use to do your work and its screen resolution. Your response will help us improve network and security management tools.
Click here to take the 5-minute s...
This guide is intended to show some nifty and powerful use cases that a lot of customers either want or don’t know they want. There are tons of other content out there for specific knobs or capabilities, but this is looking to be a more complete...
Since ASDM 7.12(2) I am no longer able to run ASDM on CentOS 7 using javaws. It appears to launch and dies. However, I am now running ASDM directly in java and it works fine.First attempt "javaws https://<ip of firewall>/admin/public/asd...
User Experience Enhancements
Expansion of Activity Descriptions
Activity Descriptions provide more context and help with understanding and security implications of suspicious Activities. With this update, we are expanding the coverage to a vast majority o...