WAN link failover using OSPF on ASA

Unanswered Question
Dec 15th, 2008

I have a client that currently has two sites connected via IPSec tunnels running on Cisco ASA 5505 firewalls. They want to add a T1 as a more reliable link between the sites but keep the VPN for failover and the ISP links for Internet traffic. They have two scenerios they want to automatic failover for. First should the T1 fail then traffic should reroute over the VPN. Second should the Internet fail at a single site all Internet traffic should reroute through the T1 and out the other side. If I add 1841-T1 routers to each site for the T1 connection can I use OSPF to accomplish these goals? If not can you suggest another way?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
viyuan700 Mon, 12/15/2008 - 13:54

You are in right direction. What layer 3 protocol r u using right now?

kbozung Mon, 12/15/2008 - 13:56

Currently just using static routing. Up until now there hasn't been a need for a routing protocol.

Pravin Phadte Mon, 12/15/2008 - 22:33


1st You dont need OSPF.

2nd You can have both the senerios in one.

Primary link can have internet and Tunnel on same and can move to backup when primary line fails.

Since ASA does not support load balanceing you will not able to use the above for both line.

check the link below.


The tunnel configuration is not provided let me know if you are looking for same solution and i can provide you with tunnel configuration.

kbozung Tue, 12/16/2008 - 05:24

Thank you. I actually already have ISP failover configured. I'm more concerned with failover over to this new T1.


This Discussion