VPN on non default route interface

mikedelafield · ‎08-26-2009

If I setup a VPN on an ASA interface which is not the default route will it establish?

The interface is the backup default route (using floating static and tracking) but not the default.

Basically this is what I want that the VPN only comes up in the event of failure of primary route and transfer to the backup route.

But i'm worried that the VPN could come up anyway. Which would be bad!

kwillacey · ‎08-27-2009

It depends on how the other end is configured. If it can specify which peer address is primary/default then it will only try the other peer if the first peer is unreachable, hth.

mikedelafield · ‎08-28-2009

The primary connection is a layer 2 direct fibre link and in the event of failure of this link i want a VPN tunnel to establish over ADSL to the same site

However I am concerned the ADSL tunnel will establish automatically and take precedence as the main route. Which of course i don't want

Is this possible?

kwillacey · ‎08-28-2009

It is possible the other VPN will only be established over the ADSL if the primary link fails.

mikedelafield · ‎08-28-2009

it is possible???

i assume this is because the VPN cannot establish out because its interface is not the default internet route? (until failure causes the floating static to pop up that is)

?

thanks again by the way