VPN Failover with backup ISP -- ASA 55xx

Unanswered Question
Feb 17th, 2009

I have to implement a failover VPN via a second ISP.

ASA is set up with

int outside1 default route tracked and static IP.

int outside2 default route not tracked metric 2 and dynamic IP :-(

There is a site-2-site IPSEC VPN to a data center..

Now, the customer want to have the VPN up in failover case, too.

I can think of:

1. dyn DNS :-(

2. Easy VPN with network extension

does anybody has any expieriences either way? or other suggestions??

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
husycisco Tue, 02/17/2009 - 05:44

Hello Ralf,

As far as I know, ASA does not support DDNS the way you propose. EasyVPN looks like the only option. Your client should be configured as the EzVPN server btw.


vitesse-it Tue, 02/17/2009 - 06:32


I did tinker a solution w/ dyndns once, don't like it, tho.

I am not happy w/ ezVPN either. It makes me so unflexible for further VPN's

Just wondering if s.b. has better ideas :-)


This Discussion