
Site to Site VPN routing question.

mrrlg
Level 1

I have a remote site that is normally connected to our wide area network. Their current failover solution is an ISDN BRI dialer that is not very reliable. They have a separate DSL connection to the internet. I have proposed a site-to-site VPN tunnel between two ASAs using their internet connection. At the remote site I can assign two default gateways to the end users, one to the wide area network and one with a higher cost to the ASA. The problem is at the main site.

I would need to add this route to the ASA 5550: "route outside 10.216.38.0 255.255.255.0 70.xxx.xxx.1 1" (this subnet is currently routed internally to my wide area network).

I will also need to change this route in my internal router: "ip route 10.216.38.0 255.255.255.0 10.216.0.1", which points to my wide area network, to "ip route 10.216.38.0 255.255.255.0 10.216.85.x", which points to the ASA. Is there any way to automate this process? The route outside command in the ASA does not allow you to associate a cost with the route.

1 Reply

Not applicable

You may change the AD or metric (greater than 1) of the route which you want to use as a secondary default gateway and set the AD to 1 for the primary default gateway.

Take a look here:

http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/qr.html#wp1762059
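Added example, not part of the thread: a small Python model of how a router chooses between two static routes to the same prefix by administrative distance, using the main-site routes from the question. The distance of 250, the `up` flag and all function names are assumptions made for illustration; the `10.216.85.x` next hop is kept elided as posted.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class StaticRoute:
    prefix: str        # destination network in CIDR form
    next_hop: str      # label only; "10.216.85.x" stays elided as in the post
    distance: int = 1  # administrative distance; 1 is the static-route default
    up: bool = True    # False once the next hop or a tracked probe has failed

def best_route(routes, dest):
    """Return the route that would be installed for dest, or None."""
    addr = ipaddress.ip_address(dest)
    usable = [r for r in routes
              if r.up and addr in ipaddress.ip_network(r.prefix)]
    if not usable:
        return None
    # Longest prefix wins first; distance only breaks ties within one prefix.
    return min(usable,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                              r.distance))

def next_hop_for(routes, dest):
    route = best_route(routes, dest)
    return route.next_hop if route else None

def build_table():
    # Constructed table for the internal router at the main site.
    return [
        StaticRoute("10.216.38.0/24", "10.216.0.1", distance=1),     # WAN
        StaticRoute("10.216.38.0/24", "10.216.85.x", distance=250),  # ASA/VPN
    ]

if __name__ == "__main__":
    table = build_table()
    print("WAN healthy:", next_hop_for(table, "10.216.38.20"))
    table[0].up = False  # primary withdrawn
    print("WAN failed: ", next_hop_for(table, "10.216.38.20"))
    table[0].up = True   # primary restored, traffic moves back
    print("WAN back:   ", next_hop_for(table, "10.216.38.20"))
```

The higher-distance route carries traffic only while the primary is withdrawn, so the failover is automatic only if something actually removes the primary route when the WAN path fails.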