I'm tired of deleting the crypto map and recreating it and adding a static route to the remote router on the alternate interface everytime a route fails so I thought I would try to multi-home the asa
I have tried to do what you explained in this thread and I have bound the crypto map to both interfaces.
crypto map outside_map3 interface outside1
crypto map outside_map3 interface outside2
I removed all my
route outside2 x.79.121.90 255.255.255.255 2.2.2.1 1
route outside2 x.152.20.146 255.255.255.255 2.2.2.1 1
route outside2 x.11.129.182 255.255.255.255 2.2.2.1 1
route outside x..83.7.127 255.255.255.255 2.2.2.1 1
But the remote sites will only connect to the primary isp
I presume that is because the two remaining 0.0.0.0 routes have matrix or 1 vs 3 or the lack of what direction to return traffic??
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
route outside 0.0.0.0 0.0.0.0 2.2.2.1 3
I see I can setup tracked routes, but I'm not concerned with a local ISP failure. Being an international company, I'm concerned about a route failure anywhere in the middle.
The Remote sites (40) have
crypto map outside_map3 1 set peer 1.1.1.2 2.2.2.2
On the HQ side I'll I simple want is both ISP's active and the ASA to answer on whichever interface the tunnel comes in on and use that interface to route the traffic back. I know it will be a bit random, I'm ok with that?
The crypto map's are double bound and the remote sites previously work on either interface previously when there were two maps.
What am I missing? do I need a Dynamic-Map or VPN Route?
Any Suggestions appreciated
Regards,
Mike
