Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
247
Views
0
Helpful
1
Replies

Multiple Site-to-Site VPNs/Dynamic vs. Static routing

cjohnson1279
Level 1
Level 1

‎03-14-2008 08:08 AM - edited ‎03-09-2019 08:18 PM

I have been tasked to set up multiple site to site VPNs through ASAs for 3 locations. (1 HQ, 2 remote sites) I think I have the general config down. Fortunately, the ASDM makes it, or seems to make it, simple for newbies like me to configure this.

These VPNs are going to be for failover and I have a couple questions:

1) Should the tunnel be up and remain up constantly? I have the configurations done but the tunnel is not up. I am assuming, and I could be wrong, that it's not up because the primary link is up. Should I not assume this? Is there a way to test the tunnel configuration without removing the primary link?

2) How will the ASAs know that the primary link is down and to switch over to the VPN? The situation is we are all connected via MPLS but internally use static routing. Do I have to enable dynamic routing on the internal networks?

Thanks in advance for any assistance.

Corinne

Labels:
0 Helpful
1 Reply 1

irisrios
Level 6
Level 6

‎03-20-2008 11:21 AM

If there is no traffic passed through the tunnel , tunnel will be brought down based on the IPSEC SA idle timer. For an idea about failopver refer to URL http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/hsaidle.html#wp1027173 for more information.

0 Helpful
Customers Also Viewed These Support Documents