07-17-2008 05:36 AM - edited 03-09-2019 09:06 PM
Hi,
I need to replace my Checkpoint with an ASA 5520 as VPN concentrator and install a secondary ASA on a new site with an MPLS link between them, no need for L2L VPN.
I also have 10 remote sites to migrate with Checkpoint VPN-1 Edge, which I am keeping.
I know that I can use a secondary peer in case of failure of the primary ASA, but can I use "router route injection" to advertise the new L2L network from the main ASA or the backup?
Regards
07-17-2008 05:58 AM
Hi,
Yes, you can use RRI, and then advertise the remote IPs in your routing protocol.
crypto map <map-name> <seq-num> set reverse-route
However, there is a simpler way.
Just configure different IP pools on each ASA.
When a user connects to one ASA, they will get one set of IPs, and when they connect to the secondary, they will get another set of IPs.
This way you can use static routing for reverse traffic.
Reverse traffic for the first pool will be sent to first ASA, the traffic for the second pool will be sent to secondary ASA.
Please rate if this helped.
Regards,
Daniel
07-17-2008 06:51 AM
Hi,
I use L2L and I don't want to use different ranges of IPs, and my remote site uses Checkpoint VPN-1 Edge.
Regards
07-17-2008 07:47 AM
Hi,
You can use the ASA in cluster (failover) mode, but that means they need to be in the same VLANs.
Regards,