Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1279
Views
10
Helpful
4
Replies

Multiple tunnel to same office using single peer address

Terence Payet
Level 1
Level 1

‎09-24-2014 11:15 AM

Hi experts,

I need to pick your brain on an upcoming project.

Basically we have a single ASA device currently connected to one of our partner office. They've recently been given orders by there security specialist to have a second tunnel as backup connected to our office (as per the attached diagram)

What they will do on their end is to have some kind of ip sla to monitor the primary VPN and then re route the traffic to the backup VPN.

But we only have one single ASA on our side. 

Question is:

1. Is it possible to configure multiple tunnel to same office using one peer address?

2. How will the two reacts with each other since they are connected to same office? Note that we will have same access-list on both tunnel.

 

Thanks to advise.

Regards

Terence

 

Labels:
Preview file
47 KB
0 Helpful
4 Replies 4

Terence Payet
Level 1
Level 1
In response to mvsheik123

‎09-24-2014 09:17 PM

Hi MS,

Many thanks for the link.

I will test the scenario today and will advise.

 

Thanks & Regards,

Terence

0 Helpful

nkarthikeyan
Level 7
Level 7

‎09-24-2014 11:54 PM

All you need is a different peer address at the other end..... As per your information they are going to have a two isp links and one will act as the primary and other as the backup..... at your end you have to do configuring tunnels for both peer addresses at the other end.... as you said ip sla and monitor will take care of the tunnel backup and switchover....

 

You can check my blog as well for dual s2s @ both ends..... if you have another ISP... you can configure dual vpn at your end as well.....

http://cuckoonetworks.blogspot.com/

 

When you have single ISP at one end and dual ISP at other end then....

http://networkology.net/2013/03/08/site-to-site-vpn-with-dual-isp-for-backup-redundancy/

 

Regards

Karthik

 

Terence Payet
Level 1
Level 1
In response to nkarthikeyan

‎09-25-2014 03:31 AM

Hi Karthik,

The link provided was excellent, but the thing is, they have two physical ASA each of them connected to different ISP's. From your examples, you have multiple ISP's connected to same physical ASA.

I know you have configure the ip sla on the ASA itself.

  • Will their be any impact when configuring the ip sla on their main router? 
  • Will the configurations be different, since they have two physical ASA on their end?

 

Many thanks 

Terence

0 Helpful
Customers Also Viewed These Support Documents