09-02-2013 07:05 AM
Hi,
I am configuring a VPN solution between 3 sites. Site A is a remote office that connects to the HQ office, which is site B.
Site C is a disaster recovery site that connects by L2VPN to site B (HQ), so they are in the same network/subnet and I treat them as a single site from the VPN routing point of view. Each site has its own ASA appliance.
Can I create two VPN tunnels to the same remote subnet (site B and site C are in the same subnet) and tell the ASA to use one of those tunnels as primary?
What is your opinion on a solution for this kind of VPN, and how would you do it?
Please see the attachment for info.
Tnx,
Srdjan
09-02-2013 03:31 PM
Hi,
If you do not need both tunnels active at the same time and want to use them as primary and backup, you need only one crypto map on the ASA, with both IPs added as primary and backup.
For example:
On Site B and C you will have the normal site to site VPN configuration.
On site A you need to do the following:
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
crypto map outside_map 10 set transform-set VPN
! first peer = site B, second peer = site C
crypto map outside_map 10 set peer x.x.x.x x.x.x.x
crypto map outside_map 10 match address vpn
crypto map outside_map interface outside
! x.x.x.x = IP of site B
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key cisco123
! x.x.x.x = IP of site C
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key cisco123
So in short, you need to create only one crypto map on site A and define the IP addresses of site B and site C as peers.
And create 2 tunnel-groups with the same pre-shared key.
So whichever IP you use first in the set peer command will become primary and the other will become backup.
I hope this answers your question. Please let me know if you have any other question.
Thanks
Jeet Kumar
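The answer above relies on every address in the set peer line having its own tunnel-group. The following added example (not part of the original posts) is a small Python check for that on a saved configuration; the function name check_peers, the documentation-range IP addresses and the placeholder key are assumptions made for the example.

```python
import re

# Constructed sample of a site A configuration (documentation IPs, placeholder key).
SAMPLE = """\
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
crypto map outside_map 10 set transform-set VPN
crypto map outside_map 10 set peer 203.0.113.10 198.51.100.20
crypto map outside_map 10 match address vpn
crypto map outside_map interface outside
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key EXAMPLE-KEY
"""

def check_peers(config):
    """Return (peers_by_entry, problems) for every crypto map 'set peer' line."""
    peers = {}    # (map name, sequence) -> ordered peer list, first = primary
    groups = {}   # tunnel-group name -> {"l2l": bool, "psk": bool}
    current = None
    for line in config.splitlines():
        if m := re.match(r"crypto map (\S+) (\d+) set peer (.+)", line):
            peers[(m[1], int(m[2]))] = m[3].split()
        elif m := re.match(r"tunnel-group (\S+) type (\S+)", line):
            groups.setdefault(m[1], {"l2l": False, "psk": False})["l2l"] = m[2].lower() == "ipsec-l2l"
            current = None
        elif m := re.match(r"tunnel-group (\S+) ipsec-attributes", line):
            current = groups.setdefault(m[1], {"l2l": False, "psk": False})
        elif line.startswith(" ") and current is not None:
            # Indented sub-command of the current ipsec-attributes block.
            if re.match(r"\s+(ikev1 )?pre-shared-key \S+", line):
                current["psk"] = True
        else:
            current = None
    problems = []
    for (name, seq), plist in sorted(peers.items()):
        for role, peer in zip(["primary"] + ["backup"] * len(plist), plist):
            g = groups.get(peer)
            if g is None:
                problems.append(f"{name} {seq}: {role} peer {peer} has no tunnel-group")
            elif not (g["l2l"] and g["psk"]):
                problems.append(f"{name} {seq}: {role} peer {peer} tunnel-group is incomplete")
    return peers, problems

if __name__ == "__main__":
    for p in check_peers(SAMPLE)[1]:
        print(p)
```

In the constructed sample the backup peer is reported because only the primary peer has a tunnel-group.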
09-03-2013 02:22 AM
Hi,
Thank you for the reply. I will try this on site in a few days and let you know if it is working.
Tnx again,
Srdjan