So I may have done something wrong or I just don't understand this.
We have an ASA 5520 at our Datacenter which has one link to the internet. We also have remote offices with two ISPs, one primary and one backup, each with a different IP address. I set up VPN tunnels between them (ASA 5505/5510 in the remotes).
What I want to do is have a backup tunnel dial out if the outside interface fails. I use IP SLA to track the T1 and if it goes down fail over to DSL. This works, but I tried every way I can think of to move the tunnel and it just plain fails.
I called TAC and they said try using the set connection-type command, use originate-only at the datacenter and answer-only on the remote site. The tunnel does come up if we are using the outside interface, but if we fail over the ASA in the remote office the DC keeps trying only one IP (the outside int of the remote office). I can't for the life of me figure this out. TAC gave up and closed the call.
Anyone know why?
We have a 5520 at the DC running 7.0.5, remotes are all 7.22.
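A reference sketch of the setup described above, added here as an illustrative configuration and not the poster's or Cisco's own: IP SLA tracking that withdraws the T1 default route on the remote ASA, a crypto map bound to both ISP interfaces so the remote can answer IKE on either, and the DC ASA listing both remote addresses as peers with a tunnel-group for each. The interface name "backup", the ACL and map names, the RFC 5737 addresses and the PSK placeholders are assumptions; ISAKMP policy and NAT exemption are omitted.

```cisco
! ---- Remote office (ASA 5505/5510, 7.2.x): answer-only side ----
! Constructed example; RFC 5737 addresses stand in for real ones.
! 203.0.113.1 = T1 next hop, 198.51.100.1 = DSL next hop, 192.0.2.10 = DC outside.
sla monitor 10
 type echo protocol ipIcmpEcho 203.0.113.1 interface outside
 num-packets 3
 frequency 10
sla monitor schedule 10 life forever start-time now
track 1 rtr 10 reachability
! Primary default route is withdrawn while track 1 is down; the
! floating route (metric 254) on the DSL interface then takes over.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
access-list dc_traffic extended permit ip 10.1.1.0 255.255.255.0 10.0.0.0 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map vpn_map 10 match address dc_traffic
crypto map vpn_map 10 set peer 192.0.2.10
crypto map vpn_map 10 set transform-set ESP-3DES-SHA
crypto map vpn_map 10 set connection-type answer-only
! Same crypto map bound to both ISP interfaces so IKE can be answered on either.
crypto map vpn_map interface outside
crypto map vpn_map interface backup
crypto isakmp enable outside
crypto isakmp enable backup
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key <PSK-PLACEHOLDER>
!
! ---- Datacenter (ASA 5520, 7.0.x): originate-only side ----
! Both remote addresses are listed as peers and tried in order, so a
! tunnel-group (with its PSK) must exist for each remote address.
access-list remote1_traffic extended permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map vpn_map 10 match address remote1_traffic
crypto map vpn_map 10 set peer 203.0.113.2 198.51.100.2
crypto map vpn_map 10 set transform-set ESP-3DES-SHA
crypto map vpn_map 10 set connection-type originate-only
crypto map vpn_map interface outside
crypto isakmp enable outside
tunnel-group 203.0.113.2 type ipsec-l2l
tunnel-group 203.0.113.2 ipsec-attributes
 pre-shared-key <PSK-PLACEHOLDER>
tunnel-group 198.51.100.2 type ipsec-l2l
tunnel-group 198.51.100.2 ipsec-attributes
 pre-shared-key <PSK-PLACEHOLDER>
```

When checking a failover, `show track 1`, `show route` and `show crypto isakmp sa` on the remote, and `show crypto isakmp sa` on the DC, show which default route is active and which remote address the DC is currently negotiating with.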