
ASA5505 2nd tunnel to fail over to 2nd network

derek.pyle
Level 1

Hello

We have remote sites using Cisco ASA5505s; we link into the network via Data Centre 'A'. We now have a Disaster Recovery Server at Data Centre 'B' (in a different geographical location). Is it possible to configure the ASA5505 so that if Data Centre 'A' goes down, the ASA5505 would pick up, either automatically or on a reboot, Data Centre 'B' (the peer address being different at each Data Centre)?

Help would be appreciated. Many thanks in anticipation.

derek

1 Accepted Solution


ghostinthenet
Level 7

It is. Just set your backup crypto map to have a lower priority (higher crypto map number) than the primary one, but using the same definition ACL. When the primary fails to negotiate, the next one will be used.

Many thanks, Jody, I will try that. I was also thinking about the use of DNS. Have you any views on that, please?

derek

DNS typically doesn't work for security appliances. They like to have solid IP addresses, possibly because DNS will allow the potential for a VPN to be redirected to another host, compromising the security of the channel.
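The layout described in the accepted answer, written out as an added example (not configuration posted by anyone in this thread). It assumes ASA 8.4 or later IKEv1 syntax; the names `VPN-TO-DC`, `OUTSIDE_MAP` and `ESP-AES256-SHA`, the documentation-range addresses and the pre-shared key placeholders are all constructed for illustration.

```cisco
! Constructed sample values: remote site LAN 192.168.10.0/24,
! data centre networks 10.0.0.0/16,
! Data Centre 'A' peer 203.0.113.10, Data Centre 'B' peer 198.51.100.10.

! One ACL defines the interesting traffic; both map entries reference it.
access-list VPN-TO-DC extended permit ip 192.168.10.0 255.255.255.0 10.0.0.0 255.255.0.0

crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Primary entry: lower sequence number, so it is evaluated first.
crypto map OUTSIDE_MAP 10 match address VPN-TO-DC
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA

! Backup entry: higher sequence number (lower priority), same ACL,
! different peer. Per the answer, this is the entry used when the
! primary fails to negotiate.
crypto map OUTSIDE_MAP 20 match address VPN-TO-DC
crypto map OUTSIDE_MAP 20 set peer 198.51.100.10
crypto map OUTSIDE_MAP 20 set ikev1 transform-set ESP-AES256-SHA

crypto map OUTSIDE_MAP interface outside

! Each peer is a fixed IP address with its own tunnel group and key,
! so neither tunnel depends on a DNS lookup.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key <PSK-FOR-DATA-CENTRE-A>
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <PSK-FOR-DATA-CENTRE-B>
```

After a test outage of the primary peer, `show crypto isakmp sa` and `show crypto ipsec sa` show which peer address the active tunnel terminates on.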