Solved: Re: ASA5545-X IPSec VPN Configuration

Nikhil5 · ‎02-24-2023

Hello Folks,

We have got a new requirement from the client to configure IPsec S-2-S VPN with their 2 remote sites. This means at our end VPN is built on ASA 5545-X(managed by FMC) and the remote end is 2 client sites.

The encryption domains are the same at the client end and they have requested to configure this as Primary and Secondary VPNs.

Need your suggestions on how to achieve this since I don't see any option on FTD to configure primary/secondary VPNs.

Nikhil5 · ‎02-24-2023

Hi Guys, please ignore this as we got to know how to achieve this. There is an option to add a backup peer IP. I didn't notice initially. Anyways, thanks for your response.

View solution in original post

MHM Cisco World · ‎02-24-2023

use hub and spoke if you have two remote site

Nikhil5 · ‎02-24-2023

Thanks, @MHM Cisco World . I did look at the HUB and Spoke option but I am not sure if it will work as Primary and secondary meaning, both VPNs will use the same encryption domain but the VPN with one of the client sites is active and the VPN with another site will act as a fallback and will be active once the primary site goes down.

Can you please advise it this is possible by any chance?

MHM Cisco World · ‎02-24-2023

Configure Failover for IPSec Site-to-Site Tunnels with Backup ISP Links on FTD Managed by FMC - Cisco

Nikhil5 · ‎02-24-2023

Thanks, but this will not work because we are connected to a single ISP.

Nikhil5 · ‎02-24-2023

Hi Guys, please ignore this as we got to know how to achieve this. There is an option to add a backup peer IP. I didn't notice initially. Anyways, thanks for your response.

MHM Cisco World · ‎02-24-2023

glad your issue is solve.
have a nice day