
RRI & L2L

eric.loiseau
Level 1

Hi,

I need to replace my Checkpoint with an ASA 5520 as VPN concentrator and install a secondary ASA on a new site with an MPLS link between them, so there is no need for an L2L VPN.

I also have 10 remote sites to migrate that use Checkpoint VPN-1 Edge; I am keeping it.

I know that I can use a secondary peer in case of failure of the primary ASA, but can I use "router route injection" to advertise the new L2L network from the main ASA or the backup?

regards

3 Replies

5220
Level 4

Hi,

Yes, you can use RRI, and then advertise the remote IPs in your routing protocol.

crypto map <map-name> <seq-num> set reverse-route

However, there is a simpler way.

Just configure different IP pools on each ASA.

When a user connects to one ASA, they get one set of IPs, and when they connect to the secondary, they get another set of IPs.

This way you can use static routing for reverse traffic.

Reverse traffic for the first pool will be sent to first ASA, the traffic for the second pool will be sent to secondary ASA.

Please rate if this helped.

Regards,

Daniel
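
An added example, not part of the original replies: a minimal ASA configuration sketch of the RRI approach mentioned above, with the injected static route redistributed into a routing protocol. All names and addresses (documentation ranges), the choice of OSPF, and the 8.0-8.3 style `set transform-set` syntax are assumptions; releases 8.4 and later use `set ikev1 transform-set` instead.

```cisco
! Constructed example: names, addresses and the OSPF process are placeholders.
! Interesting traffic: head-office LAN to one remote site.
access-list L2L-SITE1 extended permit ip 10.1.0.0 255.255.0.0 192.168.10.0 255.255.255.0
!
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address L2L-SITE1
crypto map OUTSIDE-MAP 10 set peer 198.51.100.10
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
! RRI: install a static route for the remote network of this map entry.
crypto map OUTSIDE-MAP 10 set reverse-route
crypto map OUTSIDE-MAP interface outside
!
! Redistribute only the expected remote prefix, not every static route,
! so a mistaken or unexpected static route is not advertised inside.
access-list RRI-NETS standard permit 192.168.10.0 255.255.255.0
route-map RRI-TO-OSPF permit 10
 match ip address RRI-NETS
!
router ospf 1
 network 10.1.0.0 255.255.0.0 area 0
 redistribute static subnets route-map RRI-TO-OSPF
```

`show route` on the ASA and the routing table of the inside neighbor show whether the remote prefix is installed and advertised; `show crypto ipsec sa` shows whether the tunnel itself is up.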

Hi,

I use L2L and I don't want to use different ranges of IPs, and my remote sites use Checkpoint VPN-1 Edge.

Regards

Hi,

You can use the ASA in cluster (failover) mode, but that means they need to be in the same VLANs.

Regards,
