I have an ASA 5510 at Site A with an L2L tunnel to another site, Site B. Single subnet at each site. In a few weeks we will be adding a second Internet connection to Site B, so both connections will be active. But we want traffic to go over the new connection unless it goes down, then use the other. How do I set that up on the ASA so it doesn't get confused as to which tunnel to take to get to the Site B subnet? Can this be done?
If the ASA on Site B is going to have two different interfaces terminating the VPN, then on Site A you define two peers (one preferred).
crypto map mymap 10 set peer 18.104.22.168 22.214.171.124
Assuming that 126.96.36.199 is the ASA's Site B first public IP and 188.8.131.52 is the ASA's Site B second public IP.
The ASA at Site A will attempt to establish the tunnel to 184.108.40.206 first, and if it fails, it will try 220.127.116.11.
On Site B, the ASA should have the crypto map on both interfaces.
You can set the Site B ASA to originate the tunnel and the ASA on Site A to receive.
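The two-peer crypto map on Site A and the crypto map on both Site B interfaces, written out as an added example that is not from the original posts. It assumes pre-8.4 IKEv1 syntax (`crypto isakmp`); the addresses are documentation ranges, and the interface names, ACL name, transform-set name, subnets and key are placeholders.

```cisco
! Constructed example. Assumed: Site A LAN 10.1.1.0/24, Site B LAN 10.2.2.0/24,
! Site A public 203.0.113.1, Site B new link 198.51.100.2, Site B old link 192.0.2.2.

! ----- Both ASAs: matching phase 1 policy and phase 2 transform set -----
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! ----- Site A: one interface, two peers -----
access-list L2L-ACL extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map mymap 10 match address L2L-ACL
crypto map mymap 10 set transform-set ESP-AES256-SHA
! Peers are tried in the order listed: preferred (new) link first
crypto map mymap 10 set peer 198.51.100.2 192.0.2.2
crypto map mymap interface outside
crypto isakmp enable outside
! A tunnel-group is needed for each Site B address, or the backup peer
! has no pre-shared key to authenticate with
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 pre-shared-key <shared-secret>
tunnel-group 192.0.2.2 type ipsec-l2l
tunnel-group 192.0.2.2 ipsec-attributes
 pre-shared-key <shared-secret>

! ----- Site B: same crypto map applied to both Internet-facing interfaces -----
access-list L2L-ACL extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
crypto map mymap 10 match address L2L-ACL
crypto map mymap 10 set transform-set ESP-AES256-SHA
crypto map mymap 10 set peer 203.0.113.1
crypto map mymap interface outside
crypto map mymap interface backup
! IKE must listen on both interfaces
crypto isakmp enable outside
crypto isakmp enable backup
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key <shared-secret>
```

Which Site B link carries outbound traffic is decided by Site B's routing, which is not shown here.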