Redundant Site-to-Site VPN

ICT-Support · ‎08-18-2011

All,

Site A has two physical sites that are on the same flat network (the 10.0.0.0 / 255.255.224.0) range. These sites are linked together and they both have seperate Internet Connections.

Site B has one physical Internet Connection, and a cisco 5505. This currently has a site-to-site VPN between this site and one of the physical buildings in Site A.

How would I go about creating a second site-to-site VPN to the same network, for redundancy, should either Internet Connection go down (10.0.0.0), but by connecting to the connection to the second physical site within Site A?

Cheers.

Marcin Latosiewicz · ‎08-18-2011

Hi there,

Could you maybe provide a topology diagram of sita A and information about equipment there?

The 5505 has the possibility to input multiple peers under crypto map entry which should provide active/standby scenario. What might be problematic is routing on site A ;]

Marcin

ICT-Support · ‎08-18-2011

How's this?

Marcin Latosiewicz · ‎08-18-2011

Cool, that clears up the situation a bit.

Having two peers on the 5505 would to the trick, if primary would fail, you'd establish tunnel to second peer.

One of the possible problems you're going to face is to pick appropriate ISA to send traffic through to 10.0.64.0/23 subnet if the link fails.

On Cisco devices this can be easily solve with some route tracking, not sure how ISA would handle this :]

Marcin