
Redundancy VPN with two ASA 5580

ncamacho
Level 1

Hi,

My customer has the following topology:

CORPORATE_LAN---ASA1---ROUTER1----WAN-------REMOTEROUTER1-----REMOTE_LAN1

                                      X

CORPORATE_LAN---ASA2---ROUTER2----WAN-------REMOTEROUTER2-----REMOTE_LAN2

The ASA1 has two links, one to ROUTER1 and another one to ROUTER2. Similarly, the ASA2 also has two links, one to R1 and the other one to R2. There are 300 remote LANs. We want to configure IPsec tunnels between the remote routers (ISR 2800) and the two ASAs (5580). The customer does not want to configure failover, active-standby on both ASAs, given that contexts do not support VPNs. The routing protocol on the WAN is OSPF.

He wants to use both ASAs at the same time, one as the primary peer and the other one as a backup, should the first ASA fail. So the question is: which is the best way to configure redundancy in this scenario: LAN-to-LAN or Easy VPN? How do I configure the remote routers with the two ASAs as primary and backup peers?

I'd appreciate your help.

1 Reply

Collin Clark
VIP Alumni

It depends on numerous things. Cisco Press has a good book on VPN redundancy designs.

http://www.amazon.com/IPSec-VPN-Design-Vijay-Bollapragada/dp/1587051117/ref=sr_1_1?ie=UTF8&s=books&qid=1265727444&sr=8-1

Hope that helps.
