VPN FAILOVER WITH BGP

fmugambi

Hello Team,

I have a topology as below;

[topology diagram: fmugambi_1-1727070267216.png]

 

Site A is the primary site, site B is the secondary site.

I have an AFRINIC IP block, 110.110.110.0/24.

I use 110.110.110.10 as my local peer for IPsec VPN clients.

On the FTDs at both sites I use the same AFRINIC block, 110.110.110.0/24, to NAT to some internal endpoints that remote clients consume,

e.g. 110.110.110.100 NATting to 192.168.40.150/32 ...

On the site B Cisco ASA internet firewall I have NATted my local VPN peer 110.110.110.10 > 172.16.31.10, such that the tunnels on site B use this IP as their outside interface, but clients know the NATted public IP 110.110.110.10.

Site A is straightforward, as the IP on the FTD for the VPNs is 110.110.110.10 as is.

The objective is to fail traffic over to site B and vice versa in case of disaster, and also as part of BCP.

The configuration in place to do this uses BGP; on site B I have AS-prepended my own AS number to make it less preferable, making it secondary to site A.

So during a DR drill test I realized that when I make site A less preferable by prepending my own AS number and removing the AS prepend on site B, yes, SOME VPNs come up on site B, but some still remain on site A.

What do you guys think I am doing wrong? What would I be missing, and what do I need to correct?

Your insights are much appreciated.

Thank you in advance.

 

 

0 Replies 0
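As an added illustration, not part of the original post or any reply: a small Python model of the BGP best-path comparison that AS-path prepending relies on. It shows why moving the prepend from site B to site A only steers the remote networks whose decision actually reaches the AS-path-length step; any intermediate AS that sets a higher LOCAL_PREF on the route it learns via site A (a common provider policy for customer-learned routes) keeps preferring site A no matter how many times the path is prepended. The ASN 65001, the site labels, and the LOCAL_PREF values are assumptions made for the illustration; only the prefix 110.110.110.0/24 comes from the post.

```python
"""
Added example (not code from the original post): a minimal model of the
BGP best-path decision, reduced to the steps that matter for AS-path
prepending. Everything except the prefix is constructed for illustration.
"""
from dataclasses import dataclass, replace

MY_AS = 65001                      # assumed stand-in for the poster's own AS
PREFIX = "110.110.110.0/24"        # the AFRINIC block from the post


@dataclass(frozen=True)
class Path:
    prefix: str
    site: str                      # which site this path ultimately reaches
    as_path: tuple[int, ...]
    local_pref: int = 100          # common default LOCAL_PREF
    med: int = 0


def prepend(path: Path, times: int) -> Path:
    """Return a copy of `path` with MY_AS prepended `times` extra times,
    which is what an outbound route-map with 'set as-path prepend' does."""
    return replace(path, as_path=(MY_AS,) * times + path.as_path)


def best_path(paths: list[Path]) -> Path:
    """Pick the path BGP would install.

    Order modelled: higher LOCAL_PREF wins, then shorter AS_PATH, then lower
    MED. Weight, origin, eBGP-vs-iBGP and IGP cost are omitted; `site` is
    only a deterministic last tie-break so the model never returns an
    arbitrary result.
    """
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path), p.med, p.site))


def steady_state() -> str:
    """Normal operation: site B prepends, so remote networks prefer site A."""
    via_a = Path(PREFIX, "A", (MY_AS,))
    via_b = prepend(Path(PREFIX, "B", (MY_AS,)), 3)
    return best_path([via_a, via_b]).site      # "A"


def dr_drill() -> str:
    """DR drill: prepend moved to site A, removed from site B.
    A remote AS with equal LOCAL_PREF on both paths now picks site B."""
    via_a = prepend(Path(PREFIX, "A", (MY_AS,)), 3)
    via_b = Path(PREFIX, "B", (MY_AS,))
    return best_path([via_a, via_b]).site      # "B"


def dr_drill_with_upstream_localpref() -> str:
    """Same drill as seen from a remote AS that applies LOCAL_PREF 200 to the
    route it learns towards site A (assumed provider policy). LOCAL_PREF is
    compared before AS_PATH length, so the prepend never gets evaluated and
    that network keeps sending traffic, and its VPN clients, to site A."""
    via_a = replace(prepend(Path(PREFIX, "A", (MY_AS,)), 3), local_pref=200)
    via_b = Path(PREFIX, "B", (MY_AS,))
    return best_path([via_a, via_b]).site      # "A"


if __name__ == "__main__":
    print("steady state          ->", steady_state())
    print("DR drill              ->", dr_drill())
    print("DR drill, LP override ->", dr_drill_with_upstream_localpref())
```

Running the block prints A, B, A for the three scenarios: prepending only influences remote networks whose decision is not already settled by LOCAL_PREF (or weight) earlier in the comparison, which is why a prepend-based failover can move some clients and leave others on the old site. The model says nothing about why any particular client in the post stayed on site A; it only shows the part of the decision that prepending can and cannot touch.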