12-18-2007 10:16 AM - edited 02-21-2020 03:26 PM
I've got two ASA5510's, I have SITE-A and SITE-B
SITE-A connects to the INTERNET on one circuit and an MPLS circuit on different interfaces on the router.
SITE-B connects to the INTERNET and MPLS on the same circuit.
My outside interface on the ASA at SITE-A has a public address of: 1.2.3.4. On the router, it NAT's that address to 10.25.25.5/29 when going out the MPLS interface.
At SITE-B, the outside interface on the ASA is 10.25.25.13/30 which has public ip address 4.3.2.1 nat'ed to it.
Currently, I am able to create two distinct (one at a time) tunnels which route the appropriate traffic through them. One tunnel is done completely over the MPLS circuit from site to site. The other tunnel goes out of SITE-A's internet connection, and jumps on the MPLS providers public network, then onto the MPLS network to get to SITE-B.
These both work marvelously. I am trying to accomplish haveing the IPSEC tunnel go over the MPLS circuit by default, but in the event that SITE-A loses MPLS connectivity, the tunnel will go over the internet.
These tunnels are currently landing on the ASA's and are not originating or landing on the routers, so I can't use (that I know of) routing on the router to determine which site to connect to.
TUNNEL-A = 10.25.25.5 to 10.25.25.13
TUNNEL-B = 1.2.3.4 to 4.3.2.1
Any information, or advice about this configuration would be greatly appreciated.
Thank you.
12-20-2007 01:00 PM
Anyone?
12-27-2007 03:06 PM
this is something that i would be interested in as well. hope someone can help with this topic.
12-28-2007 10:14 AM
I don't know if this will solve your issue, but have you tried static route tracking?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: