04-03-2018 02:14 AM - edited 03-12-2019 05:09 AM
We have the following scenario on a Cisco ASA 5516.
Site A has 2 ISPs, ISP1 and ISP2, of which ISP1 is the main and ISP2 is the redundant (with a different public IP).
Site B has 1 ISP and is using pfSense.
We have a site-to-site VPN configured using IPsec from Site A to Site B, which is configured on ISP1.
We need to configure a second, redundant VPN connection from Site A to Site B using the ISP2 connection. This will only be used in case the primary connection fails.
Is it possible to configure the 2nd VPN connection so that it will automatically kick in in case the other connection fails?
04-03-2018 03:26 AM
On the side with redundant ISPs, you can apply the same crypto map to both ISP interfaces and enable IKE on both interfaces as well, then let the routing decide which ISP should be used.
For routing you can use a static route with SLA. If you already have one in place for 0.0.0.0/0, that can also be used; just make sure you have identity NAT configured for the VPN destination on both ISP interfaces.
Not sure how to configure the pfSense, but if that were an ASA I would have both remote public IPs configured as peers on the crypto map.
HTH
Bogdan
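The ASA-side changes described in the reply above, written out as an added example that is not part of the original thread. It assumes the ISP1 tunnel already exists and uses IKEv1; the interface names (inside, isp1, isp2), the crypto map name and sequence, the object names and all addresses (RFC 5737 documentation ranges) are constructed placeholders.

```cisco
! --- Constructed example: every name and address below is a placeholder ---

! Track reachability of the ISP1 next hop so the default route can fail over
sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1 interface isp1
 frequency 10
sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability

! Primary default route is withdrawn when track 1 goes down;
! the ISP2 route has a higher administrative distance and takes over
route isp1 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route isp2 0.0.0.0 0.0.0.0 198.51.100.1 254

! Interesting traffic for the tunnel (assumed to exist already for ISP1)
object network LOCAL-LAN
 subnet 10.1.0.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.2.0.0 255.255.255.0

! Identity NAT for the VPN destination on BOTH ISP interfaces, so tunnel
! traffic is not translated by the normal internet PAT rule after failover
nat (inside,isp1) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
nat (inside,isp2) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup

! Bind the SAME crypto map to both ISP interfaces
crypto map SITEB-MAP interface isp1
crypto map SITEB-MAP interface isp2

! Enable IKE on both ISP interfaces (use "crypto ikev2 enable" for IKEv2)
crypto ikev1 enable isp1
crypto ikev1 enable isp2

! Checks after pulling or blocking ISP1:
!   show track 1
!   show route
!   show crypto ikev1 sa
!   show crypto ipsec sa
```

After failover the ASA initiates from the ISP2 public address, so the Site B end has to accept that address as a peer in addition to the ISP1 one.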
04-04-2018 04:41 AM
I have the same problem and this is great news. So simple but makes sense.