2 ISP link failover in ASA 5505

Ashish Kumar · ‎08-27-2013

Hi,

I have ASA 5505, want to configure the 2 ISP link Tata and Airtel with failover.

I want to configure the WebVPN with failover, so that user don't need to change the public address when one link goes down.

thanks with regards

Ashish Kumar

Michael Muenz · ‎08-28-2013

This won't work because when Failover accurs (e.g. Tata down) you won't be able to reach this IP

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

Ashish Kumar · ‎08-28-2013

Hi michael,

First of thanks for reply.

Can we do it by public certificate or DNS entry e.g. both ISP Public ip address entry will be in DNS and user will hit particular DNS name. You r right that once link down so user will disconnect but when he will retry then he will connect via another link.

Is it possible??

Ashish

Michael Muenz · ‎08-28-2013

You could try to enable WebVPN on both outside interfaces and do DNS roundrobin, perhaps this works (never tested).

Michael

Please rate all helpful posts

Michael Please rate all helpful posts

Ashish Kumar · ‎08-28-2013

can u share any document.

thanks

Ashish

Michael Muenz · ‎08-28-2013

In ASDM you can select the interfaces where WebVPN is activated, there you check both outside IF's.

In DNS, when your name is vpn.example.com, you set A records for both public IPs

Michael

Please rate all helpful posts

Michael Please rate all helpful posts