Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
1
Replies

Site to site with load balencing

onlinerecharge
Level 1
Level 1

‎03-05-2013 10:11 PM

We have a setup like the attachment,

my primary switch for vlan 170 (192.168.170.0) directly connected with Router 2600 and internet working perfactly. and for other subnets (vlan 180,190,200,160) is other switch which is directly connected to firewall so internet for other subnet is working perfactly no problem in this.

we have run a site to site ASA to ASA for all the subnets.( given a route for 10.10.10.0 on switch 1 to go via firewall.

now actual problem start, if we have establish a site to site on router differently for 170 subnet and then internet or tunnel goes down then how this traffic will divert on ASA, how 170 subnet will be able to access 10.10.10.0 remote subnet.

Thanks in advance

Labels:
Preview file
26 KB
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎03-07-2013 05:09 AM

You can't configure the same subnet 192.168.170.0/24 going to the same remote ASA because the ASA will not know whether to send the traffic to the router or the ASA.

What you can do is to configure 1 site-to-site VPN tunnel, with 2 set peer (router as the first peer and ASA as the second peer).

you would need to run dynamic routing protocols to divert the traffic to go to the ASA if your router is down.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents