09-04-2007 10:38 AM - edited 02-21-2020 03:15 PM
I have two ASAs running 7.2.2; each is connected to the Internet via a router with links to two ISPs. Internet access is fine, and using object tracking I can get the routers to swap which ISP they send the traffic to if one ISP fails.
The problem is the L2L IPSec tunnel between the ASAs. Since the routers do the NAT, the outside IP address of the ASAs appears to change depending on which ISP is being used.
I have looked at using multiple peers in the crypto map at one end using "the originate" option and the "answer only" option at the other end, but that doesn't look viable if both ends change their IP address.
Any ideas?
09-10-2007 12:00 PM
Split tunneling allows a remote-access IPSec client to conditionally direct packets over an IPSec tunnel in encrypted form, or to a network interface in clear text form. With split tunneling enabled, packets not bound for destinations on the other side of the IPSec tunnel do not have to be encrypted, sent across the tunnel, decrypted, and then routed to a final destination. This command applies this split tunneling policy to a specified network. The default is to tunnel all traffic. In order to set a split tunneling policy, issue the split-tunnel-policy command in the group-policy configuration mode. In order to remove the split-tunneling-policy from the configuration, issue the no form of this command.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml
09-14-2007 07:36 AM
Sorry, but the question is nothing to do with split tunneling; it's about how to have a backup VPN peer.