Scenario DR - VPN Tunnel with Backup-Server

Unanswered Question
Jun 15th, 2009

Hi All!

I have doubts regarding the following scenario:

We have two ASAs 1, 2 (primary, secondary) in the central site (New York) doing failover (active, standby). The ASAs establish VPN tunnels with about 60 clients. We put a third ASA 3 in another site (Ohio), for use as disaster recovery if the central site (New York) is inactive. The clients are configured with backup-servers (http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/b.html#wp1358314); if the central site is down, the clients' VPN tunnel is established by ASA 3 (Ohio).

My questions: If the primary ASA is down and the secondary (New York) becomes active, will the clients that are connected to the primary drop? Will the connection be restored? And will these clients understand that there was a failure and try to establish a VPN tunnel with ASA Ohio (backup-server)?

Appreciate any help.

Thank you

Collin Clark Mon, 06/15/2009 - 13:31

If your primary ASA fails, the secondary will take over its IP and the VPN clients will try to connect to it. You can set up stateful failover, which will share connections, and the failover should be transparent to the end user. I've never used the backup server command, but after reading about it, it sounds like if both of your NY ASAs failed, then it would try Ohio.
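
The two mechanisms discussed in this thread, stateful failover inside New York and a backup server list pointing at Ohio, sketched as an ASA configuration fragment. This is an added example, not part of the original posts; the interface names, IP addresses, group-policy name, and shared secret are constructed placeholders.

```text
! Added example (not from the thread). All names and addresses below are
! constructed placeholders; 192.0.2.0/24 and 203.0.113.0/24 are
! documentation ranges.

! --- ASA 1 (New York, primary unit of the failover pair) ---
failover lan unit primary
failover lan interface FOLINK GigabitEthernet0/2
failover interface ip FOLINK 192.0.2.1 255.255.255.252 standby 192.0.2.2

! A state link is what makes the failover stateful: connection and
! VPN session state is replicated to the standby unit over it.
failover link STATELINK GigabitEthernet0/3
failover interface ip STATELINK 192.0.2.5 255.255.255.252 standby 192.0.2.6

! Authenticate and encrypt failover traffic between the two units.
! <shared-secret> is a placeholder.
failover key <shared-secret>
failover

! --- Group policy applied to the remote VPN clients ---
! The backup server list is pushed to the clients; 203.0.113.10 stands
! in for the outside address of ASA 3 (Ohio).
group-policy DR-CLIENTS internal
group-policy DR-CLIENTS attributes
 backup-servers 203.0.113.10
```

`show failover` on either New York unit reports which unit is active and whether stateful replication is running.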
