Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
3
Replies

ASA Dual VPN with routing

bryant496
Level 1
Level 1

‎01-26-2021 12:48 AM

Hey all,

 

So I have a small site which I have stood up with dual WAN connections. Initially installed DSL on site, but the speeds are not great to ended up with a LTE connection via a Meraki MG21E (5 times better speeds). Both connections will site to site VPN traffic back to HQ, using a tracker to monitor LTE connection before fail over.

The site itself is primarily a unmanned location except for an incident happening on site, but we have since boarded some local camera feeds via the site, which is producing a high volume of traffic.

Is there a way I could use both connections to host a VPN back to the same place and then route our CCTV subnet over the DSL line?


Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎01-26-2021 02:59 AM

You can do below approach :

 

1. You can do PBR to send Certain Traffic to VPN1 and other Traffic to VPN2

2. If one of VPN Down you can fail over to other VPN with IP SLA Tracking. ( make sure you need also same mechanism available on HQ)

 

here is some Links for guidance to start :

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.html

https://community.cisco.com/t5/vpn/dual-isp-failover-for-s2s-vpn/m-p/4094917

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

bryant496
Level 1
Level 1
In response to balaji.bandi

‎01-26-2021 03:39 AM

Sorry maybe a misunderstanding.

So I have 2 internet connections (LTE and DSL), currently I have 1 site to site VPN with both interfaces in, but currently use a tracker to fail over the VPN.

So I want to know if I can have both connects in an active VPN back to the same place and then router CCTV over the DSL, but still allow site to use the LTE and track for a failover.
I wasn't sure if I can have both interfaces stand up a VPN to the same head at the same time
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎01-26-2021 07:21 AM

If the VPN Termination IP is different

 

x.x.x.x --vpn 1-- y.y.y.y.y

b.b.b.b - vpn2 - c.c.c.c

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents