Best Way to handle site to site VPN Redundancy

Jun 14th, 2010

Hi All

Just wondering what is the best way to handle VPN site to site redundancy?

Say for example I have Site A (main site) and Site B (remote site). If the WAN link for some reason fails on Site A I need it so that Site B would use the WAN link of another ASA I have on a different ISP's link.

I need it so that at all times Site B has full VPN access back to the main site.

I'm using ASAs on both ends.


edadios Mon, 06/14/2010 - 18:28

You need to set it up as per this document:


To configure a backup LAN-to-LAN connection, we recommend you configure one end of the connection as originate-only using the originate-only keyword, and the end with multiple backup peers as answer-only using the answer-only keyword. On the originate-only end, use the crypto map set peer command to order the priority of the peers. The originate-only security appliance attempts to negotiate with the first peer in the list. If that peer does not respond, the adaptive security appliance works its way down the list until either a peer responds or there are no more peers in the list.



