I was asked to implement backup s2s tunnels between HQ and a remote site.
At HQ there is a 5510 ASA with a fixed public IP address on outside interface.
At Remote there is an ASA 5505 with a fixed public IP address on outside (towards fiber internet access) and a 2921 router with a 4G module.
The 4G module is assigned a dynamic public IP.
The goal is to have a primary s2s between ASA at HQ and ASA at Remote and a secondary s2s between ASA at HQ and 4G at Remote.
Configuration on Remote should be simple:
- S2s on ASA5505 peering with public IP at HQ
- S2s on c2921 (via 4G) peering with public IP at HQ
- Static route towards ASA5505 with tracking on internet access via fiber (if the connection is lost, traffic will be rerouted to the 4G module on the 2921)
The problem is, however, on ASA 5510 at HQ.
If there were 2 fixed public IPs at Remote (one on ASA and one on 4G) the setup at HQ would need to include:
#crypto map NAME xx set peer “primary peer” “secondary peer”
In my case the secondary IP is a dynamic IP and it’s configurable with the command above.
Has anyone ever done this? Please let me know if you have any tips.
Many thanks to all who at least read this post :)