Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
894
Views
5
Helpful
3
Replies

Metro Link and Site-to-Site VPN tunnel for ASA 5500 series

borisloong
Level 1
Level 1

‎12-21-2007 08:03 PM - edited ‎02-21-2020 03:27 PM

1) Cisco ASA Information

One is Cisco ASA 5505, the other is Cisco ASA 5510. ASA 5505 is local site, ASA 5510 is remote site. ASA 5505 is ASA 8.0(2) and ASDM 6.0(2). ASA 5510 is ASA 7.2(1) and ASDM 5.2(1).

2) Connection between local and remote site via Metro Link (100Mb). Set one Site-To-Site VPN Tunnel for the two ASA firewall, and disabled this VPN connection at present due to one Metro link is available.

3) I want to ask how can I do if this metro is down, the site-to-site VPN tunnel will enable automatically and if this Metro is up again, the Site-to-Site VPN tunnel will down automatically, in the matter of fact, I want to set as Primary and Secondary backup link.

Please everyone can help me, and recommended some tips, thanks.

Labels:
0 Helpful
3 Replies 3

palomoj
Level 1
Level 1

‎12-28-2007 03:12 PM

If you already run EIGRP over the Metro link all you need is a floating static route pointing to the ASA for the VPN as a backup.

Tell us more about what you have at each location and how everything is configured.

borisloong
Level 1
Level 1
In response to palomoj

‎01-20-2008 06:23 PM

I haven't configured EIGRP over the Metro link, I want to ask whether is running EIGRP over the Metro link if this environment,

In my environment, one ASA 5505 located at HK, one ASA 5505 located at HK datacentre, HK ASA has a 100Mb Metro link with HK datacentre, this Metro link is running, I want to ask if this Metro link is down, I want to set a backup link, for instance, Site-site VPN tunnel. Could you please tell me how to configure it, thanks.

0 Helpful

borisloong
Level 1
Level 1
In response to borisloong

‎01-20-2008 08:51 PM

in this environment in detail

UK ASA - one metro ethernet0/2 - 172.16.6.1/16, one inside ethernet0/1 - 192.168.6.1, static routes - metro is 10.128.23.0/24 gateway IP is 172.16.17.31, outside 0.0.0.0 0.0.0.0 210.218.255.256

HK ASA - one metro ethernet0/2 - 172.16.37.101/16, one inside ethernet0/1-7 - 10.128.23.121/24, static routes - 192.168.6.0/24 Gateway IP - 172.16.6.1, outside is 0.0.0.0 0.0.0.0 210.128.122.123

At present, One 100Mb Metro link is established between HK and UK. I want to ask if I want to configure one Site-to-Site VPN tunnel, To use only one ISP in HK, if this metro link is down, this VPN tunnel is established automatically, is this work? thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents