VPN on non default route interface

Unanswered Question
Aug 26th, 2009

If I set up a VPN on an ASA interface which is not the default route, will it establish?

The interface is the backup default route (using floating static and tracking) but not the default.

Basically, this is what I want: that the VPN only comes up in the event of failure of the primary route and transfer to the backup route.

But I'm worried that the VPN could come up anyway, which would be bad!

kwillacey Thu, 08/27/2009 - 10:43

It depends on how the other end is configured. If it can specify which peer address is primary/default then it will only try the other peer if the first peer is unreachable, hth.

mikedelafield Fri, 08/28/2009 - 05:06

The primary connection is a layer 2 direct fibre link, and in the event of failure of this link I want a VPN tunnel to establish over ADSL to the same site.

However, I am concerned the ADSL tunnel will establish automatically and take precedence as the main route, which of course I don't want.

Is this possible?

kwillacey Fri, 08/28/2009 - 05:39

It is possible the other VPN will only be established over the ADSL if the primary link fails.

mikedelafield Fri, 08/28/2009 - 05:47

It is possible???

I assume this is because the VPN cannot establish out because its interface is not the default internet route? (Until failure causes the floating static to pop up, that is.)


Thanks again, by the way.

