VPN tunnel for backup solution

HWangLoyalty_2 · ‎10-30-2009

I have a case where I have a main site that has a 6509 switch and remote site that is running a 3750 L3 switch. Right now both of them are uplinked to the MPLS CE router and also run EIGRP with MPLS CE router.So they could connect each other through the MPLS cloud. I would like to improve redundancy for two sites, and I thought I could put an ASA with each site,where they could access internet for a second connection. I want to establish VPN tunnel to access each onther once MPLS link is down.I have a few of questions about it.

a.There is a static Ip address in the main site, but remote office will get dynamic IP address if it is dailed up with modem. How to setup vpn tunnel on the main site because of unknown peer address?

b.Is there any port in the ASA could connect to adsl modem?

c.how to deploy automatic dial up if the MPLS link is down?

I know there is a good solution about dialup backup with router 2800 series or 3800 series.But I do not know how to do like this on ASA? Any help apprecaited

darthnul · ‎11-02-2009

You'll need to initiate the VPN from the dynamically addressed remote site because the main site won't know the IP address of the remote.

Different ASA models have different types and numbers of ports. If the ADSL modem has an Ethernet port (I haven't heard of any that don't) you should have no trouble connecting it to an ASA.

COnfigure the VPN to be up all the time and configure a floating static route through the VPN (with a higher administrative distance than EIGRP) than the that'll take over when the EIGRP route disappears. Use IP SLA if you want to get fancy. If you really need "dialup" as in an analog modem, I don't think the ASAs do that. Any router with an AUX port and VPN capable IOS could do it though. You might want to use one of those at the remote site instead of an ASA.