Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
0
Replies

ASA dual-path: IPSEC & frame-relay

abatson
Level 1
Level 1

‎08-13-2013 11:47 AM - edited ‎02-21-2020 07:05 PM

Greetings; 

I've read the notes in the following article, and I'm trying to do something similar, that I will describe...

https://supportforums.cisco.com/thread/2086955

I have a remote site to which I will build an IPSEC tunnel, terminated at the Outside Interface.   I also have a frame-relay conection to that same site, and that router is connected at interface "DMZ".  My prime path is going to be the IPSEC tunnel, and I understand it uses the ACL on the tunnel to 'route' traffic into it.  The backup path is going to be the frame-relay, using  a static route.    I might not even need to use the SLA-monitor method, since when the IPSEC tunnel goes down, the static route to the site over the DMZ interface (via frame-relay) will take over.    This begs the question:  what trumps what:   An ACL on an IPSEC tunnel, or a static route?    Which is preferred over the other?

I just need the primary path to be the IPSEC tunnel, and the backup path to be frame-relay.  --the path will move back to IPSEC when it becomes available again, after a failure....

Thanks!

Alex in MD.

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents