cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
418
Views
0
Helpful
2
Replies
Highlighted
Beginner

ASA5505 Failover Issue (Static Routing)

Hi all,

Currently, we got one 5510 in main office A, another 5510 in main office B. And we also have a 5505 in branch office C.

In office A, IP range is 192.168.1.0/24

In office B, IP range is 192.168.2.0/24

In branch C, IP range is 10.10.1.0/24

I have configured two IPsec Site to Site VPN in each firewall.  A---B; A---C; B---C

Now, I want to configure branch C VPN failover, which means if Firewall A up and running. All 192.168.1.0 & 192.168.2.0 traffic will go S2S VPN between A and C.

If firewall A down, all traffic will go through secondray VPN between B and C.

So, how can I control the traffice by static route (Maybe the metic) in 5505?

Or any idea?

Thanks guys!

2 REPLIES 2
Highlighted
Cisco Employee

Perhaps you could use SLA route tracking (like in this post https://supportforums.cisco.com/message/3071388#3071388) and/or use backup peers (ie set two peers under the same crypto map sequence instead of having one peer in two different crypto map sequences).

Highlighted

Hi thanks for you information. however, I do not think that is SLA issue. (May be i am not right)

Because this is not two ISP, this is two IPsec tunnels.

I will try cypto map tonight and give a update to you.

Content for Community-Ad