10-20-2019 06:08 PM - edited 02-21-2020 09:46 PM
I'm using the ASA 5516.
ASA and ASA are connected on a dedicated line, and two lines in different bands are connected to the ASA interface.
I would like to use IPSEC VPN and will use IKE V2.
What I'm curious about here is that if Line 1 loses its VPN connection, I'd like to automatically enable Line 2's VPN connection
What else do I need to allocate two Peer IPs?
Do I need additional ACL or Routing settings?
Tell me what you need to be able to be a failover naturally. I beg you.
Thanks
10-20-2019 10:08 PM
Hi,
Here is a good configuration example:
10-21-2019 04:46 AM - edited 10-21-2019 04:48 AM
Hello ,
Can you let us know if the 2 ASA is in HA mode or they are not . I have asked this because there is different ways to address these two type of setup .
Whilst considering the downtime in place on the second set up, it's worth to know that in HA mode , standby peer as already finished it own negotiation but the only clause is traffic is not passing through the tunnel until the active peer deny traffic in down state.
Let me know if this help your understanding.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: