Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5512-X in active/standby mode and VPN tunnels

Hi to all, I should have two Cisco ASA devices in active/standby mode (5512-X with security license). I need to have full VPN redundancy over two ISPs to Microsoft Azzure but it doesn't support having tunnel for the same LAN IP address range. With that in mind - in case primary tunnel fails - all the traffic from their LAN should NAT in different IP address range and go over second tunnel. Also, I need to be able to revert back once we have primary tunnel up.I was trying to find some examples in practice, but I didn't see any. I have no possibility to test anything - both ASA will go to production without prior testing of this failover. To be worst, ASA's WAN links will end in providers equipment, not in switch since the switch wasn't designed for it by someone. Can you please help me with this or to point me to the document with example where I can find working configuration for this? Thanks! Tamara

Cisco Employee

Hi,Have you checked this:


Have you checked this:-

Thanks and Regards,

Vibhor Amrodia


CreatePlease to create content