Creating a backup site to site vpn tunnel on single ASA5510


I have a dilemma. I have a Cisco ASA 5510 that has a site-to-site VPN with an ASA 5505. There is a need to create a separate tunnel going out on the ASA 5510 using a separate ISP. This would be a backup tunnel.

Has anyone done the separate crypto maps and routing before?

My understanding is that I cannot run a routing protocol over IPsec without a GRE tunnel. So it looks like I am stuck with statics.

Federico Coto F... Thu, 03/04/2010 - 12:35


You can create both tunnels on the 5510 on a separate interface, and both tunnels going to the 5505.

Just need to apply the crypto map to both interfaces, and via static routes give preference to one path over the other.

On the 5505 under the crypto map, specify two peers.

That's right, on ASAs you can run dynamic routing protocols but not over plain IPsec.
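The layout described in this reply, written out as an added configuration sketch (not part of the original post and not Cisco's own sample). It assumes pre-8.4 ASA syntax, hypothetical interface names `outside` and `backup`, constructed documentation-range addresses, and a key placeholder; NAT exemption and interface addressing are omitted.

```cisco
! Constructed example: names, addresses and <PRE-SHARED-KEY> are hypothetical
! ===== ASA 5510: "outside" = primary ISP, "backup" = second ISP =====
access-list VPN-TO-5505 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
crypto map VPNMAP 10 match address VPN-TO-5505
crypto map VPNMAP 10 set peer 203.0.113.2
crypto map VPNMAP 10 set transform-set ESP-AES256-SHA
! Same crypto map applied to both ISP-facing interfaces
crypto map VPNMAP interface outside
crypto map VPNMAP interface backup
crypto isakmp enable outside
crypto isakmp enable backup
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY>
! Static routes: the lower metric prefers the primary ISP path
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254

! ===== ASA 5505: single ISP, two peers under the crypto map =====
access-list VPN-TO-5510 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
crypto map VPNMAP 10 match address VPN-TO-5510
! Primary-ISP address of the 5510 first, backup-ISP address second
crypto map VPNMAP 10 set peer 192.0.2.2 198.51.100.2
crypto map VPNMAP 10 set transform-set ESP-AES256-SHA
crypto map VPNMAP interface outside
crypto isakmp enable outside
! One tunnel-group per 5510 address so either peer can authenticate
tunnel-group 192.0.2.2 type ipsec-l2l
tunnel-group 192.0.2.2 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY>
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 pre-shared-key <PRE-SHARED-KEY>
```

A higher-metric static route only takes over when the primary route is removed, which by default happens when the primary interface goes down. Detecting a failure further upstream at the ISP requires static route tracking on the primary route.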


