Cisco Support Community
New Member

RRI & L2L

Hi,

I need to replace my Checkpoint with an ASA 5520 as VPN concentrator and install a secondary ASA on a new site with an MPLS link between them, no need for an L2L VPN.

I also have 10 remote sites to migrate that use Checkpoint VPN-1 Edge, which I will keep.

I know that I can use a secondary peer in case of failure of the primary ASA, but can I use "router route injection" to advertise the new L2L network from the main ASA or the backup?

regards

3 REPLIES

Re: RRI & L2L

Hi,

Yes, you can use RRI, and then advertise the remote IPs in your routing protocol.

crypto map <map-name> <seq-num> set reverse-route

However, there is a simpler way.

Just configure different IP pools on each ASA.

When a user connects to one ASA, they will get one set of IPs, and when they connect to the secondary, they will have another set of IPs.

This way you can use static routing for reverse traffic.

Reverse traffic for the first pool will be sent to first ASA, the traffic for the second pool will be sent to secondary ASA.

Please rate if this helped.

Regards,

Daniel
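
The RRI approach from the reply above, written out as an added example (not configuration from the original post). All names and addresses are assumptions: the crypto map name, ACL names, OSPF process and area, the documentation peer address 203.0.113.10, and the subnets. The rest of the tunnel configuration (transform set, tunnel-group, pre-shared key) is omitted.

```cisco
! Constructed example values throughout.
! Interesting traffic for one remote site behind the Checkpoint VPN-1 Edge.
access-list L2L_SITE1 extended permit ip 10.1.0.0 255.255.0.0 192.168.10.0 255.255.255.0
!
! L2L crypto map entry for that site, with reverse route injection enabled.
! RRI installs a static route for the remote side of L2L_SITE1 (192.168.10.0/24).
crypto map OUTSIDE_MAP 10 match address L2L_SITE1
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set reverse-route
crypto map OUTSIDE_MAP interface outside
!
! Allow-list of prefixes that may be redistributed. Only the remote-site
! subnets you expect belong here, so that nothing else present as a static
! route on the ASA is leaked into the internal routing domain.
access-list RRI_NETS standard permit 192.168.10.0 255.255.255.0
!
route-map RRI_ONLY permit 10
 match ip address RRI_NETS
!
! Advertise the RRI-installed routes to the inside network through OSPF.
router ospf 1
 network 10.1.0.0 255.255.0.0 area 0
 redistribute static subnets route-map RRI_ONLY
```

With the same configuration on the main and the backup ASA, `show route` on each unit and the OSPF database on the inside router show which ASA is currently advertising 192.168.10.0/24.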

New Member

Re: RRI & L2L

Hi,

I use L2L and I don't want to use different IP ranges, and my remote sites use Checkpoint VPN-1 Edge.

Regards

Re: RRI & L2L

Hi,

You can use the ASA in cluster (failover) mode, but that means they need to be in the same VLANs.

Regards,
