ASA with Dual Site-Site VPN

Unanswered Question
Aug 25th, 2008

Can I terminate two ISP connection with two separate Site-site VPN from each service provider one site-site VPN for back up between two locations provided with one ASA box at each locations.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Marwan ALshawi Mon, 08/25/2008 - 05:29

u can

but u need to make the proper rouing

for example

route outside >>>ISP1

route outside2 >>ISP2 higher metric


make one crypto map aply to each interface

baseed on ur routing

when the first ISP down the second route map will be used so the site to tsite will use the second interface thorugh the ISP2

good luck

please, if helpful Rate

rohandast Mon, 08/25/2008 - 22:17

Thanks for the reply. But there is some other issue. The client wants to teminate both site to site VPN for the same public instead of routing to different IP in the destination. I think configuration is an issue in this case, Let me know your thoughts Would be helpful to resolve the issue.

Marwan ALshawi Tue, 08/26/2008 - 00:31

the problem is ASA dose not support loadbalanceing

in ur case u need a virtual IP like with HSRP to make it one destination

but with ASA limited feature in this case

if u can get routers infront of the ASA might u can get around it !!

and based on the suggestion i have given to u prevously in case of one ISP fauler the client need to reestablition the connection!!


This Discussion