New Member

Tunnel redundancy between PIX and ASA

I have a PIX506E running version 6.3.x in a branch office and an ASA at the central site running version 7.2.x. We have installed a second ISP at the central site and we'd like to configure a backup/redundant tunnel from the branch office to the central site, through the new ISP. Is it possible? Does anyone have any document with a config example?

Thanks.

3 REPLIES

Re: Tunnel redundancy between PIX and ASA

Assign any one IP address from the new provider's block to another interface on the ASA. Assign the same crypto map to it. Then add a second 'set peer' command on the branch office (Based on this new public IP).

Regards

Farrukh
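The three steps in the reply above, sketched as configuration. This is an added example, not part of the original thread or taken from either device: every address (documentation ranges), the interface and its name, the crypto map, ACL and transform-set names, and the key placeholder are assumptions, and the existing primary tunnel is assumed to already use these map entries.

```cisco
: ---- Central ASA (7.2.x) ----
: Step 1: address from the new provider's block on another interface
: (Ethernet0/2 / "outside2" and 198.51.100.10 are assumed values)
interface Ethernet0/2
 nameif outside2
 security-level 0
 ip address 198.51.100.10 255.255.255.248
 no shutdown

: Step 2: bind the SAME crypto map that is already applied to "outside"
: and allow IKE to be negotiated on the new interface
crypto map HQ-MAP interface outside2
crypto isakmp enable outside2

: ---- Branch PIX 506E (6.3.x) ----
: Pre-shared key for both central-site addresses; use the same key the
: ASA tunnel-group for this branch already has
isakmp key <PRESHARED-KEY> address 192.0.2.10 netmask 255.255.255.255
isakmp key <PRESHARED-KEY> address 198.51.100.10 netmask 255.255.255.255

: Keepalives so a dead primary peer is detected and the SA is torn down
isakmp keepalive 10 3

: Step 3: second 'set peer' in the existing map entry.
: Peers are tried in the order listed: primary ISP first, new ISP second.
crypto map BRANCH-MAP 10 ipsec-isakmp
crypto map BRANCH-MAP 10 match address VPN-TO-HQ
crypto map BRANCH-MAP 10 set peer 192.0.2.10
crypto map BRANCH-MAP 10 set peer 198.51.100.10
crypto map BRANCH-MAP 10 set transform-set ESP-3DES-SHA
crypto map BRANCH-MAP interface outside
```

Routing on the ASA toward the branch's public address through the second ISP is not covered by this sketch and has to match how the two uplinks are actually connected.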

New Member

Re: Tunnel redundancy between PIX and ASA

The problem is that, due to network topology, I have to terminate the secondary tunnel to the same ASA's interface. It enters the central site via a different ISP (new public IP) and via NAT is translated to the ASA's outside interface. Do you think it's possible? This is because between the external routers and the ASA, we have a load balancer and a CheckPoint firewall, and all external traffic should pass through it.

Thanks,

Jordi.

Re: Tunnel redundancy between PIX and ASA

Well if the network topology forces you to use the same physical interface, why don't you make logical interfaces? What is the role of the load balancer?

Regards

Farrukh
