Hi, can anyone tell me how to set up automatic VPN failover using 2 separate ISP circuits? E.g., our local office has 2 different internet lines connected to an ASA5510. We VPN from this office to all other remote locations. All traffic originates here.
Circuit 1 is primary (default gateway). I use SLA monitoring/route tracking to monitor remote office public IPs on the ASA. When Circuit 1 fails, the default route then goes out Circuit 2 and sets up a new tunnel. All this works as expected.
The problem is that the crypto maps on the remote ASA will still try to route all traffic destined for the local office back to the Circuit 1 IP, as it is listed first on the interface crypto map.
What I then see on the remote ASA is 2 tunnels up, to both Circuit 1 and 2.
I cannot add an additional tunnel peer on the remote end as traffic does not originate there. Any ideas?
Hi, not sure if you found a resolution to your problem; if so, let us know how you solved it. If not, perhaps try enabling DPD (dead peer detection) at both ends. DPD should sense the primary tunnel is down and automatically initiate the secondary tunnel per the fallback second peer configured, and route through the backup link. Just a thought… you may want to try it and see if that helps.
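
A sketch of what the reply above describes, written for the remote-office ASA. This is an added example, not configuration posted by anyone in the thread. The map name `outside_map`, sequence number 10, the interface name `outside`, the addresses (documentation ranges) and the `<PSK>` placeholder are all assumptions, and the rest of the existing crypto map entry (match address, transform set) is taken to be unchanged.

```cisco
! Remote-office ASA. Constructed example values:
!   198.51.100.1 = local office public IP on Circuit 1 (primary)
!   203.0.113.1  = local office public IP on Circuit 2 (backup)
!
! List both head-end addresses on the one crypto map entry. The first
! peer is preferred; the second is the fallback peer.
crypto map outside_map 10 set peer 198.51.100.1 203.0.113.1
crypto map outside_map interface outside
!
! One L2L tunnel-group per head-end address, so a tunnel arriving from
! either circuit can authenticate. DPD is set explicitly on each:
! after 10 seconds idle, probe the peer, retrying every 2 seconds.
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <PSK>
 isakmp keepalive threshold 10 retry 2
!
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key <PSK>
 isakmp keepalive threshold 10 retry 2
```

With DPD active on both ends, `show crypto isakmp sa` on the remote ASA is the place to confirm that the SA toward the Circuit 1 address is removed after the circuit fails, leaving only the Circuit 2 tunnel.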
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: