cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

141
Views
0
Helpful
1
Replies
Beginner

Site to site with load balencing

We have a setup like the attachment,

my primary switch for vlan 170 (192.168.170.0) directly connected with Router 2600 and internet working perfactly. and for other subnets (vlan 180,190,200,160) is other switch which is directly connected to firewall so internet for other subnet is working perfactly no problem in this.

we have run a site to site ASA to ASA for all the subnets.( given a route for 10.10.10.0 on switch 1 to go via firewall.

now actual problem start, if we have establish a site to site on router differently for 170 subnet and then internet or tunnel goes down then how this traffic will divert on ASA, how 170 subnet will be able to access 10.10.10.0 remote subnet.

Thanks in advance

1 REPLY 1
Cisco Employee

Site to site with load balencing

You can't configure the same subnet 192.168.170.0/24 going to the same remote ASA because the ASA will not know whether to send the traffic to the router or the ASA.

What you can do is to configure 1 site-to-site VPN tunnel, with 2 set peer (router as the first peer and ASA as the second peer).

you would need to run dynamic routing protocols to divert the traffic to go to the ASA if your router is down.