IPSEC Tunnel Redundancy

Unanswered Question

I've got two ASA5510s. I have SITE-A and SITE-B.

SITE-A connects to the INTERNET on one circuit and an MPLS circuit on different interfaces on the router.

SITE-B connects to the INTERNET and MPLS on the same circuit.

My outside interface on the ASA at SITE-A has a public address of: On the router, it NATs that address to when going out the MPLS interface.

At SITE-B, the outside interface on the ASA is which has public IP address NATed to it.

Currently, I am able to create two distinct (one at a time) tunnels which route the appropriate traffic through them. One tunnel is done completely over the MPLS circuit from site to site. The other tunnel goes out of SITE-A's internet connection, and jumps on the MPLS provider's public network, then onto the MPLS network to get to SITE-B.

These both work marvelously. I am trying to accomplish having the IPSEC tunnel go over the MPLS circuit by default, but in the event that SITE-A loses MPLS connectivity, the tunnel will go over the internet.

These tunnels are currently landing on the ASAs and are not originating or landing on the routers, so I can't use (that I know of) routing on the router to determine which site to connect to.



Any information, or advice about this configuration would be greatly appreciated.

Thank you.
