I have been tasked to set up multiple site-to-site VPNs through ASAs for 3 locations (1 HQ, 2 remote sites). I think I have the general config down. Fortunately, the ASDM makes it, or seems to make it, simple for newbies like me to configure this.
These VPNs are going to be for failover, and I have a couple of questions:
1) Should the tunnel be up and remain up constantly? I have the configurations done but the tunnel is not up. I am assuming, and I could be wrong, that it's not up because the primary link is up. Should I not assume this? Is there a way to test the tunnel configuration without removing the primary link?
2) How will the ASAs know that the primary link is down and to switch over to the VPN? The situation is we are all connected via MPLS but internally use static routing. Do I have to enable dynamic routing on the internal networks?
Thanks in advance for any assistance.