I have two datacenters connected via EIGRP dynamic routing. Branch offices terminating at the datacenters via lease lines.
I would like to backup the lease lines with ipsec vpn on either ASA's 5520 or higher or cisco 2800 routers. Using either EIGRP on the ASA's or static routing with higher Advertised distance, i would like to failover to the ipsec vpn tunnels automatically if any lease line is down. I am planning to have a pairs of ASA's between the datacenters and connect all branch offices to the ASA's via ipsec tunnel.
Has anyone done this before?
Will it be better to use cisco routers instead of ASA's with better through-put. does anyone have a design ?
WOuld you mind posting a copy of the working configuration. I have a situation where I have an ASA5505 in the main site and the Cisco2801 at the remote site. The primary connection between them is P2P T1, but I want to use VPN over DSL as backup. Having a problem bringing up the VPN tunnel when the T1 is down. Any help will be appreciated. TIA. H. WIlson
ASAs can not terminate a GRE tunnel, which is essential for building this structure with dynamic routing protocols.
I had a couple of ASA 5540s in core in one of the projects that I leaded, 500 simultaneous RA connections from branches replicating SQL Databases from all over the country, throughput has never been an issue. But forget about Active/Active failovering Site to site IPsec VPN tunnels. It is not supported. You can do Active/Passive.
Do branches have 2 different routers for terminating lease line and an internet connection? What kind of switches involved?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...