<p>I have an L2L VPN that goes from the head end of an ASA failover pair to a remote ASA failover pair. There is nothing wrong with the VPN tunnel or access to any of the network EXCEPT the standby ASA on the remote side.</p>
<p>I am trying to access the remote standby device going over the tunnel (and so are TACACS/CiscoWorks/eHealth, etc.). I believe the packets are getting to that firewall just fine, but when it tries to route back home it sends the packet out the outside interface, because the primary has a tunnel established on the outside interface. This is when the packet just dies and gets lost.</p>
<p>How can I get the standby ASA to use the active ASA's VPN tunnel when sending packets destined for something on the other side of that tunnel? There has to be a magic Cisco command that does this, correct?</p>