Cisco Support Community

Dual Homed - L2L and Remote Access Tunnels

Hello,

We're designing a network, for which I need some expert advice.

We need to build two tunnels from a Remote ASA, to a Hub ASA, and a VPN Concentrator (for redundancy). Basically, we're thinking of doing an L2L VPN between the two ASAs and a Remote-Access VPN between the ASA and the VPN Concentrator.

I have the following questions:

- I'm not sure if this is a feasible design to begin with, to have the same ASA create a Dynamic Tunnel (Remote Access) to a VPN Concentrator, and a regular L2L Tunnel to an ASA.

- If the above setup can be configured, is there a way the Client ASA can hold the Remote Access Tunnel (to the VPN Conc.) down as long as the L2L Tunnel to the Hub ASA is up and running?

This is something which is still in the 'concept' phase, so any advice in this regard would be highly appreciated. Also please let me know if you have any other questions to further explain my scenario.

Thanks in advance!

KG

3 REPLIES
Cisco Employee

Re: Dual Homed - L2L and Remote Access Tunnels

For your first question, yes, it is do-able.

For the second, hmmm, I can think of a way to hack through it. You can use SLA tracking http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml on the ASA to have the route to the secondary VPN endpoint point to a bogus IP address, so it practically keeps the secondary VPN down. You track the primary VPN endpoint and if that goes down then you use a new route towards the secondary VPN that is correct and brings the VPN up. A hack, but it would work I believe.

I hope it helps.

PK
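
The SLA-tracking approach described in the reply above, sketched as ASA configuration. This is an added example, not part of the original thread or the linked Cisco document; the interface name `outside` and every address (RFC 5737 documentation ranges) are constructed placeholders for the hub ASA peer, the VPN concentrator peer, the real gateway and an unused next hop.

```cisco
! Constructed placeholder addresses (assumptions, not from the thread):
!   198.51.100.1  = hub ASA public peer address (primary, L2L)
!   203.0.113.10  = VPN concentrator public peer address (secondary)
!   192.0.2.1     = real next-hop gateway on the outside subnet
!   192.0.2.254   = unused address on the outside subnet (the "bogus" next hop)

! Probe the primary peer with ICMP echo every 5 seconds.
sla monitor 10
 type echo protocol ipIcmpEcho 198.51.100.1 interface outside
 frequency 5
sla monitor schedule 10 life forever start-time now

! Track object 1 is up while the probe gets replies.
track 1 rtr 10 reachability

! While the primary peer answers, the host route to the concentrator
! points at the unused next hop, so traffic to the secondary peer goes
! nowhere and the secondary tunnel cannot come up.
route outside 203.0.113.10 255.255.255.255 192.0.2.254 1 track 1

! Floating route with a higher administrative distance. It is installed
! only when the tracked route above is withdrawn, which restores a
! working path to the concentrator.
route outside 203.0.113.10 255.255.255.255 192.0.2.1 254
```

The probe measures ICMP reachability of the primary peer's address, not the state of the L2L tunnel itself, so a hub that still answers pings while its tunnel is down will not trigger the failover.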

Re: Dual Homed - L2L and Remote Access Tunnels

Hi PK,

Thank you very much for the response. I did look into the document and it looks like it's a feasible solution. Let me try configuring it and I will update the thread if I encounter any other issues.

Thanks again!

KG

Cisco Employee

Re: Dual Homed - L2L and Remote Access Tunnels

Good luck!

Please do rate helpful posts.

PK
