Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
822
Views
5
Helpful
1
Replies

VPN as backup of direct link connection

Go to solution
sistemaspcsnet
Level 1
Level 1

ā€Ž03-22-2012 02:29 AM

Hello,

We have a direct connection between to sites running ASA in both of them, we want to setup a VPN as backup of direct link, are there any trick to do it?

Now we are routing traffict between sites by one interface and static routes, we donĀ“t know how to setup right metrics to VPN as backup.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

ā€Ž03-22-2012 06:56 AM

Hi,

If using a separate interface for the backup VPN tunnel and using static routes, you can use IP SLA on the ASAs to track the primary interface and use it while it's up.

The IP SLA will track and use the backup interface (triggering the backup tunnel) when something goes wrong on the primary link.

Just as in Cisco IOS, the IP SLA is tied to a track object which in turns look at the static routes.

The priority is handled by setting the AD manually on the static routes.

As well, when the primary links recover, it will be used again (since it's preferred).

Hope it helps.

Federico.

View solution in original post

1 Reply 1

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

ā€Ž03-22-2012 06:56 AM

Hi,

If using a separate interface for the backup VPN tunnel and using static routes, you can use IP SLA on the ASAs to track the primary interface and use it while it's up.

The IP SLA will track and use the backup interface (triggering the backup tunnel) when something goes wrong on the primary link.

Just as in Cisco IOS, the IP SLA is tied to a track object which in turns look at the static routes.

The priority is handled by setting the AD manually on the static routes.

As well, when the primary links recover, it will be used again (since it's preferred).

Hope it helps.

Federico.

Customers Also Viewed These Support Documents