Remote Access VPN Failover

Unanswered Question
Mar 9th, 2010
User Badges:


I have two interenet connetions terminating on my ASA5510 and ISP failover there. Remote access VPN is configured on the device. Normally users are dialing to my primary IP address from the remote end using the VPN client software and if the primary is not available diling to the secondary IP address. My question is can i replace the two dialers in the vpn client software with a single one. That means with out bothering on which connection is available a user can connect to the network using a single dialer. Expecting replies

Thank you,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
KARUPPUCHAMY MA... Tue, 03/09/2010 - 01:46
User Badges:
  • Silver, 250 points or more


That is possible only by dialing with domain name to the ASA

I have configured  and make it success to one customer like what you are expecting..Need to register one domain name like, then you need to assign both your primary ISP IP address with the pointer value of 5 and secondary ISP IP address with the pointer value of 10 in public DNS server.

In normal scenario , the people used to dial with domain name to connect VPN, since your primary link is up the primary ISP IP adderss will be resolved by public DNS server, and the user can connect with Primary IP address.

If your Primary ISP link is down, that time primary ISP IP address will not be resolved by DNS server and the DNS server will resolve secondary ISP IP address.Then the users can connect the VPN with secondary ISP IP address.there will be no service impact to the users.




This Discussion