Cisco Support Community
New Member

IPSEC Tunnel Redundancy

I've got two ASA5510s. I have SITE-A and SITE-B.

SITE-A connects to the INTERNET on one circuit and an MPLS circuit on different interfaces on the router.

SITE-B connects to the INTERNET and MPLS on the same circuit.

My outside interface on the ASA at SITE-A has a public address of: On the router, it NAT's that address to when going out the MPLS interface.

At SITE-B, the outside interface on the ASA is which has public IP address NAT'ed to it.

Currently, I am able to create two distinct (one at a time) tunnels which route the appropriate traffic through them. One tunnel is done completely over the MPLS circuit from site to site. The other tunnel goes out of SITE-A's internet connection, and jumps on the MPLS provider's public network, then onto the MPLS network to get to SITE-B.

These both work marvelously. I am trying to accomplish having the IPSEC tunnel go over the MPLS circuit by default, but in the event that SITE-A loses MPLS connectivity, the tunnel will go over the internet.

These tunnels are currently landing on the ASAs and are not originating or landing on the routers, so I can't use (that I know of) routing on the router to determine which site to connect to.



Any information, or advice about this configuration would be greatly appreciated.

Thank you.

New Member

Re: IPSEC Tunnel Redundancy

This is something that I would be interested in as well. Hope someone can help with this topic.


Re: IPSEC Tunnel Redundancy

I don't know if this will solve your issue, but have you tried static route tracking?
