cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
127
Views
0
Helpful
4
Replies
Highlighted

ASA5505 to ASA-5510 Failover VPN Configuraton

how best to configure a second VPN tunnel through an alternative carrier, for fail over.  Both tunnels would be going to the same distant Site to Site network.   Is there a way to apply a metric or monitor the tunnel so that if choice one is unavailable choice two would take over.   Can you point me to sample configuration  preferably with ADSM?  

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Cisco Employee

Hi Stewart,

Please check this link for the same:

https://supportforums.cisco.com/blog/150001

Regards,

Aditya

Please rate helpful posts and mark correct answers.

View solution in original post

Highlighted

Hi Stewart,

You can disable the VPN in tunnel-group connection profiles settings.

Attached is the screenshot for the same and i have highlighted the settings you need to disable.

View solution in original post

4 REPLIES 4
Highlighted
Cisco Employee

Hi Stewart,

Please check this link for the same:

https://supportforums.cisco.com/blog/150001

Regards,

Aditya

Please rate helpful posts and mark correct answers.

View solution in original post

Highlighted

What is the simplest way to dis-able a VPN tunnel?   Change the protocol, change the networks?   Other devices have a simple enable/disable check box.  I note in ADSM,  it is not that imple.   If the default policy is shared, you can not just disable it, as it will impact all that share that profile!   So if you configure a second tunnel to the same remote network over a VPN, how to best temporarily disable one, to test the other?

Highlighted

Hi Stewart,

You can disable the VPN in tunnel-group connection profiles settings.

Attached is the screenshot for the same and i have highlighted the settings you need to disable.

View solution in original post

Highlighted

This will work but you need to note that it will effect all VPN that use that tunnel group.  So make sure you dont use the wizard as it will use the default policy!  You will need to create the new VPN with a different policy!   Thank you Aditya!