Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
1
Replies

Dual home VPN tunnel question

Ronald Nutter
Level 1
Level 1

‎05-12-2010 11:28 AM

For disaster recovery purposes, we have two ASA's.  One is at our main corporate office, the other is at an offsite DR facility.  I have worked up a vpn configuration for the remote offices that should allow them to automatically failover to the DR facility if corporate goes offline for some reason.  My concern is with the ASA itself.  We have OSPF setup on each ASA that advertises the remote office subnets that connect to it.  Even if that office is not connected the ASA still advertises that it can route that subnet. 

Is there a way that we can only have the ASA advertise that it can route a subnet if a particular tunnel is up or do we need to use a manual procedure to fail over the remote endpoints to the DR facility ?

Thanks,

Ron

Labels:
0 Helpful
1 Reply 1

gatlin007
Level 4
Level 4

‎05-30-2010 08:29 AM

The ASA is a good firewall and IPSEC tunnel endpoint. 

For dual homed routing solutions a router with the firewall feature set is a better fit.  This gives the network advanced routing features, IPSEC and stateful inspection all on one box.


Christopher Gatlin
http://travelingtech.net

0 Helpful
Customers Also Viewed These Support Documents