Cisco Support Community
New Member

IPSEC Tunnel Redundancy

I've got two ASA5510s. I have SITE-A and SITE-B.

SITE-A connects to the INTERNET on one circuit and an MPLS circuit on different interfaces on the router.

SITE-B connects to the INTERNET and MPLS on the same circuit.

My outside interface on the ASA at SITE-A has a public address of 1.2.3.4. On the router, it NATs that address to 10.25.25.5/29 when going out the MPLS interface.

At SITE-B, the outside interface on the ASA is 10.25.25.13/30, which has public IP address 4.3.2.1 NAT'ed to it.

Currently, I am able to create two distinct (one at a time) tunnels which route the appropriate traffic through them. One tunnel is done completely over the MPLS circuit from site to site. The other tunnel goes out of SITE-A's internet connection, and jumps on the MPLS provider's public network, then onto the MPLS network to get to SITE-B.

These both work marvelously. I am trying to accomplish having the IPSEC tunnel go over the MPLS circuit by default, but in the event that SITE-A loses MPLS connectivity, the tunnel will go over the internet.

These tunnels are currently landing on the ASAs and are not originating or landing on the routers, so I can't use (that I know of) routing on the router to determine which site to connect to.

TUNNEL-A = 10.25.25.5 to 10.25.25.13

TUNNEL-B = 1.2.3.4 to 4.3.2.1

Any information or advice about this configuration would be greatly appreciated.

Thank you.

3 REPLIES
New Member

Re: IPSEC Tunnel Redundancy

Anyone?

New Member

Re: IPSEC Tunnel Redundancy

This is something that I would be interested in as well. Hope someone can help with this topic.

Gold

Re: IPSEC Tunnel Redundancy

I don't know if this will solve your issue, but have you tried static route tracking?

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
