Is it possible to create two site-to-site VPNs with dual ISPs on two ASAs, for backup/redundancy purposes?
Please have a look at the attached diagram.
Company B (right) has two internet links from two different ISPs terminating on its two ASAs. They would like to set up two site-to-site VPNs to Company A (left) on the two ASAs for backup/redundancy, so if ISP-2 or ASA-2 becomes unavailable the VPN can fail over to the backup link (ISP-3 and ASA-3), and vice versa.
If this is workable could you please briefly advise how to configure the ASA? Thank you very much!
This is indeed possible.
Here are a few documents for your reference:
P.S. Please rate helpful posts.
Thank you for your reply.
The examples you suggested all use one ASA to connect to two ISP links. What I need is to use two ASAs connected to two ISP links, so that the devices are also redundant.
How do I implement that?
I would look at it from the remote end.
On the crypto-map configuration, set 2 peers:
crypto map IPSec-VPN1 20 ipsec-isakmp
 set peer <Public IP address of ASA 1>
 set peer <Public IP address of ASA 2>
Normally it tries peer 1 first; if that fails, it tries peer 2.
Or, if using tunnel interfaces for the VPNs, use a combination of SLA and EEM scripts to bring up the correct tunnel.
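The dual-peer crypto map from the reply above, filled out as an added example that is not part of the original thread. It assumes the Company A end runs IOS (the syntax used in the reply) and already has an ISAKMP policy; all addresses, names and angle-bracket values are constructed placeholders.

```cisco
! Constructed example, not from the thread.
! 203.0.113.10  = placeholder public IP of ASA-2 (via ISP-2)
! 198.51.100.10 = placeholder public IP of ASA-3 (via ISP-3)
!
! Dead Peer Detection: probe the peer every 10 s, retry at 3 s intervals,
! so an unreachable peer is declared dead and the next peer is tried.
crypto isakmp keepalive 10 3 periodic
!
! One pre-shared key entry per possible peer.
crypto isakmp key <pre-shared-key> address 203.0.113.10
crypto isakmp key <pre-shared-key> address 198.51.100.10
!
! Placeholder transform set; must match what both ASAs offer.
crypto ipsec transform-set TS-EXAMPLE esp-aes 256 esp-sha-hmac
 mode tunnel
!
! Interesting traffic between the two sites (placeholder subnets).
ip access-list extended VPN-TO-COMPANY-B
 permit ip <Company A subnet> <wildcard> <Company B subnet> <wildcard>
!
! Peers are tried in the order listed: ASA-2 first, then ASA-3.
crypto map IPSec-VPN1 20 ipsec-isakmp
 set peer 203.0.113.10
 set peer 198.51.100.10
 set transform-set TS-EXAMPLE
 match address VPN-TO-COMPANY-B
!
interface <outside-interface>
 crypto map IPSec-VPN1
!
! If the Company A end is an ASA instead, both peers go in one command:
!   crypto map IPSec-VPN1 20 set peer 203.0.113.10 198.51.100.10
```

Both Company B ASAs need a matching tunnel definition (same key, proposals and mirrored traffic selectors) toward Company A, because either one may end up terminating the tunnel.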