WAN link failover using OSPF on ASA

Unanswered Question
Dec 15th, 2008
User Badges:

I have a client that currently has two sites connected via IPSec tunnels running on Cisco ASA 5505 firewalls. They want to add a T1 as a more reliable link between the sites but keep the VPN for failover and the ISP links for Internet traffic. They have two scenerios they want to automatic failover for. First should the T1 fail then traffic should reroute over the VPN. Second should the Internet fail at a single site all Internet traffic should reroute through the T1 and out the other side. If I add 1841-T1 routers to each site for the T1 connection can I use OSPF to accomplish these goals? If not can you suggest another way?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
viyuan700 Mon, 12/15/2008 - 13:54
User Badges:
  • Silver, 250 points or more

You are in right direction. What layer 3 protocol r u using right now?

kbozung Mon, 12/15/2008 - 13:56
User Badges:

Currently just using static routing. Up until now there hasn't been a need for a routing protocol.

Pravin Phadte Mon, 12/15/2008 - 22:33
User Badges:
  • Silver, 250 points or more


1st You dont need OSPF.

2nd You can have both the senerios in one.

Primary link can have internet and Tunnel on same and can move to backup when primary line fails.

Since ASA does not support load balanceing you will not able to use the above for both line.

check the link below.


The tunnel configuration is not provided let me know if you are looking for same solution and i can provide you with tunnel configuration.

kbozung Tue, 12/16/2008 - 05:24
User Badges:

Thank you. I actually already have ISP failover configured. I'm more concerned with failover over to this new T1.


This Discussion