We have a Cisco ASA with a vpn to a Meraki Firewall. The VPN can reach the Meraki over 2 different external interfaces for reduandancy.
We have setup 2 different connection profiles for each VPN to the Meraki, we have then used static routes with metrics to point the VPN traffic out of the relevant interface.
We did a test last night and it did not fail over.
Do we need to add the peer ip of the backup vpn under the primary crypto map?
Are the static routes being used here or does the crypto map decide which path the traffic takes?
Where is the LB or failover taking place? on ASA ? can you post the config of the snippet to understand the environment?
***** Rate All Helpful Responses *****
How to Ask The Cisco Community for Help
we have set fail over on both the meraki and asa firewall. do you need to use static routes in this case or is using only crypto maps enough ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: