cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6032
Views
0
Helpful
8
Replies

Site to Site VPN Redundancy using ASA's

etamminga
Spotlight
Spotlight

What is the best whay to setup a redundant site to site VPN.

We currently have 2 ASA5510's (8.2) at the HQ and several ASA5505's at remote sites. We would like to have the remote ASA's automatically switch over to the second ASA at the HQ when the primary path fails.

Dual peer adresses on the remote sites with reverse route injection at the HQ and a routing protocol at HQ doesn't work because the already RR exists when we setup the VPN, when it's not even connected.

Please advise....

Regards,

Erik

8 Replies 8

andrew.prince
Level 10
Level 10

just add the secondary external IP address to the current remote site crypto maps.

When the first IP is not available (primary) they will try the secondary e.g

crypto map <> <> set peer y.y.y.y z.z.z.z

y.y.y.y = Primary ASA

z.z.z.z = Secondary ASA

HTH>