
Binding crypto map to two interfaces

mawallace
Level 1

I have the following setup in mind:-

Site 1

Inside network 192.168.0.0

Outside interface (connected to main link) 1.1.1.1

Backup interface (connected to ISP) 2.2.2.2

Site 2

Inside network 192.168.1.0

Outside interface (connected to main link) 3.3.3.3

Backup interface (connected to ISP) 4.4.4.4

What I would like is to:-

i. Normally create IPsec between the two sites using the links on the "outside interface" between 1.1.1.1 and 3.3.3.3

ii. Create a 2nd rule, so if the "main" link is down that it uses the link 2.2.2.2 and 3.3.3.3

Any ideas how this could be achieved using a single ASA 5510 at each site? I thought of creating a single map with multiple peers at site one, using static mapping to tell the ASA to direct traffic for 2.2.2.2 via the 2nd interface, but when I come to bind the crypto map I realise that each rule can only be bound to one interface.

I have the same situation but in reverse at site two.

2 Replies

cmite
Level 1

Hello... since it looks like you have two interfaces on the ASA and two ISPs, perhaps you can use IP SLA per the link below.

http://www.inacom-sby.net/Shawn/post/2007/11/Cisco-IP-SLA-for-failover.aspx

Here's another link with a PIX that shows how to configure the interfaces (global) and NAT.

Hope it helps.

Sorry... I re-read this and realize your ASA is the VPN terminating device. I used the IP SLA with a VPN router behind the ASA.