Cisco Support Community

Multiple Site-to-Site VPNs/Dynamic vs. Static routing

I have been tasked to set up multiple site-to-site VPNs through ASAs for 3 locations (1 HQ, 2 remote sites). I think I have the general config down. Fortunately, the ASDM makes it, or seems to make it, simple for newbies like me to configure this.

These VPNs are going to be for failover and I have a couple questions:

1) Should the tunnel be up and remain up constantly? I have the configurations done but the tunnel is not up. I am assuming, and I could be wrong, that it's not up because the primary link is up. Should I not assume this? Is there a way to test the tunnel configuration without removing the primary link?

2) How will the ASAs know that the primary link is down and to switch over to the VPN? The situation is we are all connected via MPLS but internally use static routing. Do I have to enable dynamic routing on the internal networks?

Thanks in advance for any assistance.



Re: Multiple Site-to-Site VPNs/Dynamic vs. Static routing

If there is no traffic passed through the tunnel, the tunnel will be brought down based on the IPsec SA idle timer. For an idea about failover, refer to URL for more information.
