ASA static route and VPN

alex goshtaei
Level 1

Hi All,

There are two sites connected by MPLS. All the internet traffic from each site goes through an ASA, which is connected to the internet directly. The ASA has a static route to the other site through MPLS. I need to configure a site-to-site VPN so that, if MPLS goes down, traffic between the two sites goes through the VPN tunnel:

#route inside 10.1.1.0 255.255.255.0 10.1.2.1 --> route traffic to other site through MPLS (10.1.2.1 is the MPLS router)

If MPLS is down, I need to route to the 10.1.1.0 subnet through the VPN tunnel.

Any suggestion would be very appreciated.

Thanks

Alex

3 Replies

Panos Kampanakis
Cisco Employee

SLA tracking is your solution.

You have 2 interfaces, one is the mpls and the other is the backupvpn. Each one has a next hop.

You track the mpls next hop and if it fails you will fail back to the vpn next hop (establish VPN and go out encrypted etc).

Here is the link that explains how to set up SLA tracking: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

I hope it helps.

PK

Thanks for the reply.

But both MPLS and VPN must route traffic at the same time. The VPN interface is used for regular internet traffic and the VPN tunnel, and the MPLS link is used to reach the remote site subnets. If MPLS is down, I need the route to the remote site subnets to go through the VPN tunnel.

OK, you can still do it.

You will track the MPLS routes that are prone to go down. You will also have secondary routes for the same destination subnets with lower priority using the VPN next hop. In case tracking fails and the MPLS routes go down, the lower priority ones will kick in.

SLA tracking will do it. It is the same as in the link I sent but you would need to track all the MPLS routes and have corresponding fallbacks using the VPN.

The VPN routes that will always be used for VPN and internet will not play in the set up, these routes will stay there.

I hope it makes sense.

PK
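The tracked primary route plus floating backup route described in this thread, sketched as ASA configuration. This is an added example, not configuration posted by anyone in the thread. The `outside` interface name, the SLA and track IDs, the timers, the ACL name and the angle-bracket placeholders are assumptions; 10.1.1.0/24 and 10.1.2.1 come from the original question.

```cisco
! Probe the MPLS next hop from the inside interface.
! This detects loss of 10.1.2.1 itself, not a failure further
! along the MPLS path.
sla monitor 10
 type echo protocol ipIcmpEcho 10.1.2.1 interface inside
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now

! Track object 1 follows the reachability result of SLA 10.
track 1 rtr 10 reachability

! Primary route: installed only while track 1 is up.
route inside 10.1.1.0 255.255.255.0 10.1.2.1 1 track 1

! Floating backup: the higher administrative distance (254) keeps
! it out of the routing table until the tracked route is withdrawn.
! <ISP-GATEWAY> is a placeholder for the outside next hop.
route outside 10.1.1.0 255.255.255.0 <ISP-GATEWAY> 254

! Once traffic for 10.1.1.0/24 leaves via outside it must match the
! site-to-site tunnel's crypto ACL, otherwise it goes out unencrypted
! or is dropped. <LOCAL-NET> and <LOCAL-MASK> are placeholders.
access-list VPN-BACKUP extended permit ip <LOCAL-NET> <LOCAL-MASK> 10.1.1.0 255.255.255.0
```

After applying it, `show track` and `show route` confirm which of the two routes is currently installed. The remote ASA needs the mirror-image routes and crypto ACL so that return traffic takes the same path.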
