
Reg: Dynamic Switching in VPN client for Dual ISP

Unanswered Question
Jan 25th, 2012

Dear Experts,

I have enclosed my network scenario.

I have two ISP connections. One is primary and the other is secondary.

Regarding the primary ISP, I have two types of IPs. One is a WAN IP pool and the other is a public pool to be used for the DMZ.

I configured the WAN IP on the router's outside interface, and the LAN public pool between the router's inside interface and the firewall's outside interface (the firewall is accessible from the internet with the public IP configured on its outside interface).

On the firewall, I terminated the secondary ISP directly on an interface called backup.

The firewall is configured for ISP failover with SLA tracking, and it's working fine. The firewall is also configured for IPSec remote access VPN for mobile users. This is also working fine.

But here I am facing a problem with VPN users: whenever the primary ISP link goes down, the VPN users get disconnected. The user has to manually shift to the secondary ISP that was configured in the VPN client software on the user's machine.

Is there any way of shifting dynamically from one ISP to another when one of the ISPs has a problem?



Mohamed Sobair Sun, 01/29/2012 - 09:27

This is an IPSec tunnel. There is no way for interesting traffic to be active when the IPSec tunnel goes down.

So, when there is a failure on the primary ISP, the tunnel has to be re-established from the clients with the secondary one, and I am afraid manual intervention is required here.

If you need to have such redundancy, you need to have both IPSec tunnels up, and this is not possible since your ASA is configured with Active/Standby SLA tracking.



