WAN link failover using OSPF on ASA

kbozung · ‎12-15-2008

I have a client that currently has two sites connected via IPSec tunnels running on Cisco ASA 5505 firewalls. They want to add a T1 as a more reliable link between the sites but keep the VPN for failover and the ISP links for Internet traffic. They have two scenerios they want to automatic failover for. First should the T1 fail then traffic should reroute over the VPN. Second should the Internet fail at a single site all Internet traffic should reroute through the T1 and out the other side. If I add 1841-T1 routers to each site for the T1 connection can I use OSPF to accomplish these goals? If not can you suggest another way?

viyuan700 · ‎12-15-2008

You are in right direction. What layer 3 protocol r u using right now?

kbozung · ‎12-15-2008

Currently just using static routing. Up until now there hasn't been a need for a routing protocol.

Pravin Phadte · ‎12-15-2008

Hi,

1st You dont need OSPF.

2nd You can have both the senerios in one.

Primary link can have internet and Tunnel on same and can move to backup when primary line fails.

Since ASA does not support load balanceing you will not able to use the above for both line.

check the link below.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

The tunnel configuration is not provided let me know if you are looking for same solution and i can provide you with tunnel configuration.

kbozung · ‎12-16-2008

Thank you. I actually already have ISP failover configured. I'm more concerned with failover over to this new T1.