Secondary VPN tunnel for the same source and destination

Team,

I have a requirement. I have a site-to-site VPN tunnel to one of my clients, and it is up and running. Now my client has come with one more, different service provider for high availability, with one more firewall. That means a new peer IP with a different firewall. But the inside servers are the same.

From my side the source and destination are the same, and I have to create one more tunnel for the new peer IP. My question is: since the source and destination are the same, I believe only one tunnel at a time will forward the traffic. If I want to test the secondary tunnel, do I have to remove the primary tunnel and check?

Can anyone help me with this typical requirement?

Thanks

MADHANKUMAR

1 REPLY

I believe you are correct - only one or the other can work from your end but not both. The "interesting traffic" will go over the VPN based on first match in your ASA configuration.

Site-to-site VPNs don't deal well with dual providers where the provider circuits terminate directly on a Cisco firewall, since its routing capabilities are pretty rudimentary. It's usually preferable to terminate multiple providers into an external router that can run BGP or such to choose the best path. But that sort of assumes you have a provider-independent network address of your own.
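
The first-match behaviour described in the reply above, as an added example that is not part of the thread and not Cisco code: a simplified Python model of crypto map entries that reports which entry a flow selects and which later entries can never be selected. It assumes entries are evaluated in ascending sequence number with the first matching interesting-traffic ACL winning; the class and function names, peer addresses and networks are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class CryptoMapEntry:
    seq: int      # sequence number; lower is evaluated first (model assumption)
    peer: str     # remote peer IP (constructed documentation address)
    local: str    # source network of the interesting-traffic ACL
    remote: str   # destination network of the interesting-traffic ACL

    def matches(self, src, dst):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.local)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.remote))

    def covers(self, other):
        """True if every flow that 'other' matches is also matched by this entry."""
        return (ipaddress.ip_network(other.local).subnet_of(ipaddress.ip_network(self.local))
                and ipaddress.ip_network(other.remote).subnet_of(ipaddress.ip_network(self.remote)))

def select_entry(entries, src, dst):
    """Return the first entry, in sequence order, whose ACL matches the flow."""
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(src, dst):
            return entry
    return None

def shadowed_entries(entries):
    """Return (shadowed_seq, shadowing_seq) pairs for entries that can never match."""
    ordered = sorted(entries, key=lambda e: e.seq)
    pairs = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(later):
                pairs.append((later.seq, earlier.seq))
                break
    return pairs

# Constructed sample: primary and secondary peers share the same source/destination.
ENTRIES = [
    CryptoMapEntry(10, "198.51.100.1", "10.1.0.0/24", "10.2.0.0/24"),  # primary
    CryptoMapEntry(20, "203.0.113.1", "10.1.0.0/24", "10.2.0.0/24"),   # secondary
    CryptoMapEntry(30, "192.0.2.9", "10.1.0.0/24", "10.3.0.0/24"),     # unrelated site
]

if __name__ == "__main__":
    hit = select_entry(ENTRIES, "10.1.0.5", "10.2.0.7")
    print("flow uses seq", hit.seq, "peer", hit.peer)
    for shadowed, by in shadowed_entries(ENTRIES):
        print("seq", shadowed, "is never reached; shadowed by seq", by)
```

In this model the secondary entry is selected only once the primary entry is taken out of the list, which matches the test procedure the question describes.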