
Dual home VPN tunnel question

Ronald Nutter
Beginner

For disaster recovery purposes, we have two ASAs. One is at our main corporate office, the other is at an offsite DR facility. I have worked up a VPN configuration for the remote offices that should allow them to automatically fail over to the DR facility if corporate goes offline for some reason. My concern is with the ASA itself. We have OSPF set up on each ASA that advertises the remote office subnets that connect to it. Even if that office is not connected, the ASA still advertises that it can route that subnet.

Is there a way that we can only have the ASA advertise that it can route a subnet if a particular tunnel is up, or do we need to use a manual procedure to fail over the remote endpoints to the DR facility?

Thanks,

Ron

1 Reply

gatlin007
Enthusiast

The ASA is a good firewall and IPsec tunnel endpoint.

For dual-homed routing solutions, a router with the firewall feature set is a better fit. This gives the network advanced routing features, IPsec and stateful inspection all on one box.


Christopher Gatlin
http://travelingtech.net
