VPN on non default route interface

Unanswered Question
Aug 26th, 2009

If I set up a VPN on an ASA interface which is not the default route, will it establish?

The interface is the backup default route (using floating static and tracking) but not the default.

Basically, this is what I want: that the VPN only comes up in the event of failure of the primary route and transfer to the backup route.

But I'm worried that the VPN could come up anyway, which would be bad!

kwillacey Thu, 08/27/2009 - 10:43

It depends on how the other end is configured. If it can specify which peer address is primary/default, then it will only try the other peer if the first peer is unreachable. HTH.

mikedelafield Fri, 08/28/2009 - 05:06

The primary connection is a layer 2 direct fibre link, and in the event of failure of this link I want a VPN tunnel to establish over ADSL to the same site.

However, I am concerned the ADSL tunnel will establish automatically and take precedence as the main route, which of course I don't want.

Is this possible?

kwillacey Fri, 08/28/2009 - 05:39

It is possible the other VPN will only be established over the ADSL if the primary link fails.

mikedelafield Fri, 08/28/2009 - 05:47

It is possible???

I assume this is because the VPN cannot establish out because its interface is not the default internet route? (Until failure causes the floating static to pop up, that is.)

?

Thanks again, by the way.
