Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1255
Views
0
Helpful
1
Replies

Creating a backup site to site vpn tunnel on single ASA5510

eferro
Level 1
Level 1

‎03-04-2010 11:28 AM

I have a dilema. I have a Ciso ASA 5510 that has a site to site VPN with an ASA5505.  There is a need to create a seperate tunnel going out on the ASA5510 using a seperate ISP. This would be a backup tunnel.

Has anyone doen the seperate crypto maps and routing before ?

My understanding is that I can not run a routing protocol over ipsec without a GRE tunnel.  So it looks like I am stuck with statics.

Labels:
0 Helpful
1 Reply 1

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎03-04-2010 12:35 PM

Hi,

You can create both tunnels on the 5510 on a separate interface, and both tunnels going to the 5505.

Just need to apply the crypto map to both interfaces, and via static routes give preference to one path over the other.

On the 5505 under the crypto map, specify two peers.

That's right, on ASA's you can run dynamic routing protocols but not over plain IPsec.

Federico.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents