Hi, can anyone tell me how to set up automatic VPN failover using 2 separate ISP circuits? E.g., our local office has 2 different internet lines connected to an ASA5510. We VPN from this office to all other remote locations. All traffic originates here.
Circuit 1 is primary (default gateway). I use SLA monitoring/Route Tracking to monitor remote office public IPs on the ASA. When circuit 1 fails, the default route then goes out Circuit 2 and sets up a new tunnel. All this works as expected.
The problem is that the crypto maps on the remote ASA will still try to route all traffic destined for the local office back to the Circuit 1 IP, as it is listed first on the interface crypto map.
What I then see on the remote ASA is 2 tunnels up to both circuit 1 and 2.
I cannot add an additional tunnel peer on the remote end, as traffic does not originate there. Any ideas?