cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1308
Views
0
Helpful
1
Replies

Secondary VPN tunnel for the same source and destination

Madhan Kumar
Level 1
Level 1

Team,

I have a requirement. I am having a Site-Site vpn tunnel to one of client and up and running. Now my client came with one more different service provider for high availability with one more Firewall. Meaning new Peer IP with different firewall. But the inside servers are same.

From my side source and destination are same and I have to create a one more tunnel for the new peer IP. My qs is since the source and destination are same I belive at a time only one tunnel will take forward the traffic. If I want tp test the secondary tunnel I have to remove the primary tunel and check?.

Can anyone can help me on this typical requirement.

Thanks

MADHANKUMAR

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

I believe you are correct - only one or the other can work from your end but not both. The "interesting traffic" will go over the VPN based on first match in your ASA configuration.

Site-site VPNs don't do deal well with dual providers where the provider circuits terminate directly on a Cisco firewall since its routing capabilities are pretty rudimentary. It's usually preferable to terminate multiple providers into an external router that can run BGP or such to choose the best path. But that sort of assumes you have a provider-independent network address of your own.