Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Best Way to handle site to site VPN Redundancy

Hi All

Just wondering what is the best way to handle VPN site to site redundancy?

Say for example I have Site A (main site) and Site B (remote site). If the WAN link for some reason fails on Site A I need it so that Site B would use the Wan link of another ASA I have on a different ISP's link.

I need it so that at all time Site B has full VPN access back to the main site.

I'm using ASA's on both ends.

Thanks

Everyone's tags (3)
1 REPLY
Cisco Employee

Re: Best Way to handle site to site VPN Redundancy

You need to setup like per this document :

http://www.cisco.com/en/US/customer/docs/security/asa/asa82/command/reference/c5.html#wp2238363

http://www.cisco.com/en/US/customer/docs/security/asa/asa82/configuration/guide/ike.html#wp1121157

######

To configure a backup Lan-to-Lan connection, we  recommend you configure one end of the connection as originate-only  using the originate-only keyword, and the end  with multiple backup peers as answer-only using the answer-only keyword. On the originate-only end,  use the crypto map set peer command to order  the priority of the peers. The originate-only security appliance  attempts to negotiate with the first peer in the list. If that peer does  not respond, the adaptive security appliance works its way down the  list until either a peer responds or there are no more peers in the  list.

######

Regards,

1469
Views
0
Helpful
1
Replies
CreatePlease to create content