Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
5
Helpful
2
Replies

Multipoint Site to Site VPN with Cisco ASA

sreeraj.murali
Level 3
Level 3

‎09-26-2019 09:36 AM

Hi Experts

Have setup Site to Site VPN with Oracle Cloud from onpremise Cisco ASA. Now Oracle provides, 2 public peer IP address as failover mechanism. So i want to setup another standby-site to site vpn with Oracle cloud using same ASA Outside interface. Attaching the design, which i am looking for.

I tried creating the tunnel on ASA, with second Oracle public IP, but only the primary is coming up

 

Please advice, how i can achieve this ?

Thanks in advance

Sreeraj Murali

Labels:
Preview file
1 KB
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-26-2019 11:00 PM

When you have two remote peers for a given set of interesting traffic, the ASA will try them in the order they are enumerated in your crypto map statements. If the first one is successful, it will never use the second.

To test the second, either temporarily disable the first crypto map statement or shutdown the first interface in the cloud (if you're able). If you have an upstream router under your control you could also block (with ACL) the first remote peer address for testing purposes.

sreeraj.murali
Level 3
Level 3
In response to Marvin Rhoads

‎09-27-2019 05:33 AM

Sure, thanks for the solution, Let me try it out.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents