Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
557
Views
0
Helpful
2
Replies

ASA5505 Failover Issue (Static Routing)

edisonbbs
Level 1
Level 1

‎02-07-2011 07:37 AM

Hi all,

Currently, we got one 5510 in main office A, another 5510 in main office B. And we also have a 5505 in branch office C.

In office A, IP range is 192.168.1.0/24

In office B, IP range is 192.168.2.0/24

In branch C, IP range is 10.10.1.0/24

I have configured two IPsec Site to Site VPN in each firewall.  A---B; A---C; B---C

Now, I want to configure branch C VPN failover, which means if Firewall A up and running. All 192.168.1.0 & 192.168.2.0 traffic will go S2S VPN between A and C.

If firewall A down, all traffic will go through secondray VPN between B and C.

So, how can I control the traffice by static route (Maybe the metic) in 5505?

Or any idea?

Thanks guys!

Labels:
0 Helpful
2 Replies 2

hdashnau
Cisco Employee
Cisco Employee

‎02-07-2011 12:13 PM

Perhaps you could use SLA route tracking (like in this post https://supportforums.cisco.com/message/3071388#3071388) and/or use backup peers (ie set two peers under the same crypto map sequence instead of having one peer in two different crypto map sequences).

0 Helpful

edisonbbs
Level 1
Level 1
In response to hdashnau

‎02-07-2011 01:03 PM

Hi thanks for you information. however, I do not think that is SLA issue. (May be i am not right)

Because this is not two ISP, this is two IPsec tunnels.

I will try cypto map tonight and give a update to you.

0 Helpful
Customers Also Viewed These Support Documents