ASA redundant L2L tunnels

Sep 23rd, 2009

I have a situation with an ASA 5505 at a remote office and an ASA 5510 at the central location. There is an L2L tunnel between them.

Now the remote office is getting a second ISP. I established an L2L tunnel over the second ISP.

The problem is that at the remote office the ACLs for the tunnels are practically the same (it is still the same local network at the remote office and the same server network at the central location).

How to solve this problem:

- At the remote location: when both ISPs are up, how will the ASA "know" into which tunnel to send traffic for the central location?

- At the central location: the same question, how will it know which tunnel to the location to use?

Thanks for answering,

romannovak Fri, 09/25/2009 - 00:56

Can this be solved by any other means than using GRE over IPsec (terminating on routers behind the ASAs at the central and remote locations)?


romannovak Wed, 09/30/2009 - 07:53

And another question: is terminating a GRE tunnel supported on the FWSM?

acomiskey Wed, 09/30/2009 - 08:23

You could use the example above on the remote end.

Then, on the central side you could define 2 peers

crypto map outside_map 1 set peer

