I have two ASAs running 7.2.2 each is connected to the Internet via a router with links to two ISPs. Internet access is fine and using object tracking I can get teh routers to swap which ISP they send the traffic to if one ISP fails.
The problem is the L2L ISPEC tunnel between the ASAs. Since the routers do the NAT the outside IP address of the ASAs appears to change dependent on whic ISP is being used.
I have looked at using multiple peers in the crypto map at one end using "the originate" option and the "answer only" option at the other end but that doesnt look viable if both ends change their IP address.
Split tunneling allows a remote-access IPSec client to conditionally direct packets over an IPSec tunnel in encrypted form, or to a network interface in clear text form. With split tunneling enabled, packets not bound for destinations on the other side of the IPSec tunnel do not have to be encrypted, sent across the tunnel, decrypted, and then routed to a final destination. This command applies this split tunneling policy to a specified network. The default is to tunnel all traffic. In order to set a split tunneling policy, issue the split-tunnel-policy command in the group-policy configuration mode. In order to remove the split-tunneling-policy from the configuration, issue the no form of this command
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :