Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1316
Views
0
Helpful
1
Replies

Secondary VPN tunnel for the same source and destination

Madhan Kumar
Level 1
Level 1

‎08-21-2013 03:59 AM

Team,

I have a requirement. I am having a Site-Site vpn tunnel to one of client and up and running. Now my client came with one more different service provider for high availability with one more Firewall. Meaning new Peer IP with different firewall. But the inside servers are same.

From my side source and destination are same and I have to create a one more tunnel for the new peer IP. My qs is since the source and destination are same I belive at a time only one tunnel will take forward the traffic. If I want tp test the secondary tunnel I have to remove the primary tunel and check?.

Can anyone can help me on this typical requirement.

Thanks

MADHANKUMAR

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-21-2013 05:50 AM

I believe you are correct - only one or the other can work from your end but not both. The "interesting traffic" will go over the VPN based on first match in your ASA configuration.

Site-site VPNs don't do deal well with dual providers where the provider circuits terminate directly on a Cisco firewall since its routing capabilities are pretty rudimentary. It's usually preferable to terminate multiple providers into an external router that can run BGP or such to choose the best path. But that sort of assumes you have a provider-independent network address of your own.

0 Helpful
Customers Also Viewed These Support Documents