I don't think anyone will

tech.linkwave · ‎12-15-2014

Hello Friends,

I have 2 Cisco ASA5515 firewalls at head office, i have 2 ISP connections as well. and at my retail locations i have cisco C891 routers. my goal is to connect the both RETAIL location and HEAD OFFICE with each other over IPSec L2L VPN with load balancing and Fail over. Basically i want High Availability.

Attached is the network diagram. can someone send me the Example of CLI configuration for the same. i have attached the network diagram.

Retail locations:

Each location would be connected to Head Office with 2 tunnels, 1 is primary and 2nd is back up.

Head Office:

1st ASA 5515 is connected to 1st ISP

2nd ASA 5515 is connected to 2nd ISP

Each ASA 5515 will handle 60 tunnels, as i have 120 remote locations.

1st ASA 5515: first 60 + Backup for remaining 60 tunnels

2nd ASA 5515: Remaining 60 + backup for first 60 tunnels

So both will handle 120 tunnels. each would be primary for 60 and backup for remaining 60. if 1 goes down, 2nd will handle the entire 120 tunnels.

and at Head Office i have 20 users as well, and i want PAT load balancing with fail over for internal users.

Thanks,

Sandy

Michael Muenz · ‎12-16-2014

I don't think anyone will post you a complete solution for this.

Why don't you just start the EasyVPN Wizard on the ASA / ASDM for the two headends und then configure your 891 as EasyVPN Client with Dial Backup.

Everything is well documented!

Michael Please rate all helpful posts

Site to Site L2L VPN between ASA5515-IPS-K9 and Cisco C981