Failover route

Unanswered Question
Feb 4th, 2009

I am looking to see if this is possible, not config details yet, with the hardware I have now.

I have at the main office 2 T1 connections and a ASA5510 with security+ lic and 6 remote offices with 1 broadband connection and a ASA5505 each. I have no routers in my network. At the moment I have VPN tunnels setup between the remote office and the Main office through one of the T1. If I setup a 2nd VPN tunnel on each ASA5505 to the other T1 at the main office, can the ASA5505 switch to the 2nd t1 if I have a failure on the 1st T1. Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tmiller888 Thu, 02/05/2009 - 11:36

I think you have three options here.

1) implement as is and use static routes or RIP

2) If the t1s are the same carrier, then have your carrier bond the t1s and dont make any changes.

3) create two contexts out of the main ASA and setup active/active between contexts.

This might help...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

servnj Fri, 02/13/2009 - 13:05

Thanks for that link. Let me rephrase my question now.

On my ASA 5510 I have 6 site-to-site VPN connections. If I now setup the "Redundant or Backup ISP link"

Do I also attach my ACL's and cryto maps to the backup interface? Also if the ASA5510 does switch over to the Backup link how do I get the 6 ASA5505's at the other end of VPN tunnels to now open VPN tunnels to the Backup ISP link.

Thanks

harton Thu, 02/19/2009 - 01:29

I'm trying to do the same. Have you found any solutions?

Thanks.

servnj Fri, 02/20/2009 - 07:01

I have not come up with a solution using the ASA 5505. But I am looking at failover DNS were you pay for a service that checks a public IP if it gets no response it redirects the associated DNS name to the backup public IP address.

Actions

This Discussion