I have a design question regarding IPSEC VPN redundancy.
I'm using 2 PIX 515s (6.3.5) on the central site (with 1 ISP for each) and 1 ASA 5510 (7.2.4) on the remote site (1 ISP).
The remote site establishes the tunnel to the main site on PIX1. If PIX1 is not available, the ASA tries PIX2.
(crypto map CRYPTO set peer IP1 IP2)
It appears to work, but I would like to know the limitations of that kind of design and how it works precisely.
If both PIXes are up (which is the case), which PIX does the ASA choose? (Routing issue on the central site?)
If both PIXes are up, what makes the ASA decide to send through VPN1 or 2?
Thank you for your answer.