Datacenter Dynamic VPN Failover with ASA's

Unanswered Question
Jun 24th, 2008

I have two datacenters connected via EIGRP dynamic routing. Branch offices terminating at the datacenters via lease lines.

I would like to backup the lease lines with ipsec vpn on either ASA's 5520 or higher or cisco 2800 routers. Using either EIGRP on the ASA's or static routing with higher Advertised distance, i would like to failover to the ipsec vpn tunnels automatically if any lease line is down. I am planning to have a pairs of ASA's between the datacenters and connect all branch offices to the ASA's via ipsec tunnel.

Has anyone done this before?

Will it be better to use cisco routers instead of ASA's with better through-put. does anyone have a design ?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
francisco_1 Tue, 06/24/2008 - 05:24

Colin,

I have a copy already. might have to go through it.

any more ideas?

Collin Clark Tue, 06/24/2008 - 05:26

Great. It really isn't that hard :), I used EIGRP and floating static routes. Do you a specific question?

HYE WILSON Wed, 07/23/2008 - 16:49

collin,

WOuld you mind posting a copy of the working configuration. I have a situation where I have an ASA5505 in the main site and the Cisco2801 at the remote site. The primary connection between them is P2P T1, but I want to use VPN over DSL as backup. Having a problem bringing up the VPN tunnel when the T1 is down. Any help will be appreciated. TIA. H. WIlson

husycisco Wed, 07/23/2008 - 17:44

Hello Franco,

ASAs can not terminate a GRE tunnel, which is essential for building this structure with dynamic routing protocols.

I had a couple of ASA 5540s in core in one of the projects that I leaded, 500 simultaneous RA connections from branches replicating SQL Databases from all over the country, throughput has never been an issue. But forget about Active/Active failovering Site to site IPsec VPN tunnels. It is not supported. You can do Active/Passive.

Do branches have 2 different routers for terminating lease line and an internet connection? What kind of switches involved?

Regards

Actions

This Discussion