We are using Cisco 871 at branches and ASA5520 in router mode at the central office. A VPN3000 is used to terminate IPSEC connections. I am trying to implement backup links with OSPF and the 'crypto map local-address' feature. The config on the Cisco 871 looks like this:
ip address 172.16.255.10 255.255.255.255
crypto map VPN local-address Loopback1
crypto map VPN 10 ipsec-isakmp
set peer 10.1.5.1
set transform-set TRANSFORM_SET
match address VPN_TRIGGER
description MAIN LINK
ip address 172.16.1.10 255.255.255.0
crypto map VPN
description BACKUP LINK
ip address 172.16.2.10 255.255.255.0
crypto map VPN
router ospf 1
redistribute connected subnets
network 172.16.1.0 0.0.0.255 area 220.127.116.11
network 172.16.2.0 0.0.0.255 area 18.104.22.168
172.16.255.10 is configured as the peer address for the tunnel on the VPN3000.
IPSEC tunnel works fine; 172.16.255.10 is accessible.
172.16.255.10 is now accessible via the 'link2' interface, but UDP/500 connections are still bound to the 'link1' interface.
Is it a bug or a feature? I suppose it's a feature. Is it possible to turn off that 'bind connection to interface' feature?
Maybe there are better solutions for backup links? For example, should I use some ISR to terminate OSPF on it (then 172.16.255.10 won't jump from one interface to another)? Or maybe I should use two different IPSEC tunnels and run a routing protocol inside them?