Solved: Redundancy VPN Site to Site using with dual ISP on cisco ASA - Page 2

Sotheng Se · ‎06-09-2014

Dear Supporter,

Could you help me to provide configuration for network diagram as in attached file.

I'm appropriate with your help.

thank you

Best Regards

Sotheng Se · ‎06-16-2014

Dear nkarthikeyan,

Any update for my issue?

thank you

Best Regards,

sotheng

Sotheng Se · ‎06-19-2014

Dear nkarthikeyan,

Could you let me know about my issue?

it is also urgent issue.

thank you

Best Regards,

sotheng

nkarthikeyan · ‎06-19-2014

Hi Sotheng,

I have tried to setup a lab on that. But i was nt able to succeed with that due to some issues. I will try to do it again... but i cannot ensure that i will be able to succeed with that today also....

But on your configuration wise... It seems all okay.....

HTH

Regards

Karthik

Sotheng Se · ‎06-19-2014

Dear nkarthikeyan,

It's Ok for that.
Take your time!!!!

Anyway, thanks so much for your quick support and respond

thank you

Best Regards,

sotheng

Sotheng Se · ‎06-22-2014

Dear nkarthikeyan,

Any update for my issue?

thank you

Best Regards,

sotheng

nkarthikeyan · ‎06-22-2014

Hi Sotheng,

Yes I am doing a lab on that. But i am getting closely the same result as you get... am getting 6 to 8 RTO during this fall back. I will let you know if i get any idea for reducing the RTO.

Regards

Karthik

Sotheng Se · ‎06-22-2014

Dear nkarthikeyan,

Thank so much for your quick respond. Now my customer want to close this case as soon as possible because it takes many days ago. Could you let me know as soon as possible whether it can reduce the RTO or not?

thank you

Best Regards,

sotheng

nkarthikeyan · ‎06-23-2014

Hi Sotheng,

I suggest you to get the Cisco TAC case raised for this. They might be able to investigate and suggest to improve the performance. Thanks!!!

Regards

Karthik

Sotheng Se · ‎06-23-2014

Dear nkarthikeyan,

Thank for your help!!!!!!

Best Regards,

sotheng

nkarthikeyan · ‎06-26-2014

Hi Sotheng,

I have got a clue to minimize the RTO over VPN fall back option.... can you try like the below for both the tunnels on both the ends with same configurations.... this actually helps in improving dead peer detection quite earlier than the usual time taken. you have to make changes in tunnel-groups at both the ends. try this out and let me know if this helps in improving the performance.

tunnel-group <peer ip> type ipsec-l2l
tunnel-group <peer ip> ipsec-attributes
isakmp keepalive threshold 10

Regards

Karthik

Sotheng Se · ‎06-27-2014

Dear nkarthikeyan,

I tested the step that you provided me and the result is that:

When it switches from ISP1 to ISP2 it takes 30 to 35 second as before, but when it fall back ( from ISP2 to ISP1 ) it has only one timeout. Do you have any idea about this?

very very appreciate with your help!!!!

Thank for your help!!!!!!

Best Regards,

sotheng