02-08-2010 03:23 AM
I have the following setup in mind:-
Site 1
Inside network 192.168.0.0
Outside interface (connected to main link) 1.1.1.1
Backup interface (connected to ISP) 2.2.2.2
Site 2
Inside network 192.168.1.0
Outside interface (connected to main link) 3.3.3.3
Backup interface (connected to ISP) 4.4.4.4
What I would like is to:-
i. Normally create IPsec between the two sites using the links on the "outside interface" between 1.1.1.1 and 3.3.3.3
ii. Create a 2nd rule, so if the "main" link is down that it uses the link 2.2.2.2 and 3.3.3.3
Any ideas how this could be achieved using a single ASA 5510 at each site? I thought of creating a single map with multiple peers at site one, using static mapping to tell the ASA to direct traffic for 2.2.2.2 via the 2nd interface, but when I come to bind the crypto map I realise that each rule can only be bound to one interface.
I have the same situation but in reverse at site two.
02-18-2010 08:28 AM
Hello... since it looks like you have two interfaces on the ASA and two ISPs perhaps you can use IP SLA per the link below.
http://www.inacom-sby.net/Shawn/post/2007/11/Cisco-IP-SLA-for-failover.aspx
Here's another link with a PIX that shows how to configure the interfaces (global) and NAT.
Hope it helps.
02-19-2010 11:23 AM
Sorry... I re-read this and realize your ASA is the vpn terminating device. I used the IP SLA with a vpn router behind the ASA.