Domain based IPSEC VPN

ydcnetwork
Level 1

Hi,

Currently we have 2 ISPs for Internet. We need to achieve redundancy for IPSEC VPN using the domain.

Requirement :

  1. Will configure a domain and assign two public IP addresses from 2 service providers. Will set the priority for the public IP addresses and do the manual change during the ISP failure.
  2. We will provide the domain name to the clients to set up the IPSEC VPN.
  3. So in case of failure by one ISP, we will change the priority in the domain to point to the available address.
  4. So that we can reduce the downtime and no need of configuring new IPSEC VPN tunnels.

Question :

  1. Whether we can achieve this in Cisco ASA 5520.
  2. Or do we have an alternate solution to overcome this solution.

Can someone help us?

1 Reply

Suresh Varghese
Level 1

Hi,

I am not sure about domains but yes you can achieve redundancy between 2 ISP links over IPSec VPN.

I have done the same and it is in production.

The only difference is I am using a 2851 router with 2 different links from 2 different ISPs.

You will need to create a loopback tunnel to the peer IP and set it for session based.

We have also encrypted the link by using crypto on both the interfaces.

Thanks