--------
|schema|
--------

                  -1.1.1.1-----outside-main-VPN------1.1.1.2--
192.168.1.0---ASA1                                            ASA2--192.168.16.0
                  -2.2.2.1------outside-backup-VPN---2.2.2.2--

I see that the routes work fine: when the outside-main connection goes down and I do "sho run", I see that the routes change correctly to outside-backup.

But the VPN doesn't care what the routes say: if I disconnect outside-main, traffic goes through outside-backup, but then, when I reconnect outside-main, although "sho route" says to go through outside-main again, the traffic stays on outside-backup.

ASA2 (5505) configuration:
--------------------------

----------
|Routing:|
----------

route outside-main 192.168.1.0 255.255.255.0 1.1.1.1 1 track 1
route outside-backup 192.168.1.0 255.255.255.0 2.2.2.1 254
!
track 1 rtr 1 reachability
sla monitor 1
 type echo protocol ipIcmpEcho 1.1.1.1 interface outside-main
 num-packets 3
 frequency 10
sla monitor schedule 1 life forever start-time now

--------
|IPsec:|
--------

access-list outside-main_1_cryptomap extended permit ip 192.168.16.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside-backup_1_cryptomap extended permit ip 192.168.16.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside-main_map 1 match address outside-main_1_cryptomap
crypto map outside-main_map 1 set pfs group1
crypto map outside-main_map 1 set peer 1.1.1.1
crypto map outside-main_map 1 set transform-set ESP-3DES-SHA
crypto map outside-main_map interface outside-main
crypto map outside-backup_map 1 match address outside-backup_1_cryptomap
crypto map outside-backup_map 1 set pfs group1
crypto map outside-backup_map 1 set peer 2.2.2.1
crypto map outside-backup_map 1 set transform-set ESP-3DES-SHA
crypto map outside-backup_map interface outside-backup
crypto isakmp enable outside-main
crypto isakmp enable outside-backup
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 120
!