Site to Site L2L VPN between ASA5515-IPS-K9 and Cisco C981

tech.linkwave · ‎12-15-2014

Hello Friends,

I have 2 Cisco ASA5515 firewalls at head office, i have 2 ISP connections as well. and at my retail locations i have cisco C891 routers. my goal is to connect the both RETAIL location and HEAD OFFICE with each other over IPSec L2L VPN with load balancing and Fail over. Basically i want High Availability.

Attached is the network diagram. can someone send me the Example of CLI configuration for the same. i have attached the network diagram.

Retail locations:

Each location would be connected to Head Office with 2 tunnels, 1 is primary and 2nd is back up.

Head Office:

1st ASA 5515 is connected to 1st ISP

2nd ASA 5515 is connected to 2nd ISP

Each ASA 5515 will handle 60 tunnels, as i have 120 remote locations.

1st ASA 5515: first 60 + Backup for remaining 60 tunnels

2nd ASA 5515: Remaining 60 + backup for first 60 tunnels

So both will handle 120 tunnels. each would be primary for 60 and backup for remaining 60. if 1 goes down, 2nd will handle the entire 120 tunnels.

and at Head Office i have 20 users as well, and i want PAT load balancing with fail over for internal users.

Thanks,

Sandy

Michael Muenz · ‎12-16-2014

I don't think anyone will post you a complete solution for this.

Why don't you just start the EasyVPN Wizard on the ASA / ASDM for the two headends und then configure your 891 as EasyVPN Client with Dial Backup.

Everything is well documented!

Michael Please rate all helpful posts