Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Scenario DR - VPN Tunnel with Backup-Server

Hi All!

I have doubts regarding the following scenario:

We have two ASA's 1, 2 (primary, secondary) in the Central site (New York) doing failover (active, standby). The ASA's establish VPN tunnel with about 60 clients. We put a third ASA 3 in another site (Ohio), for use as a Disaster Recovery, if the central site (New York) is inactive. The clients are configured for backup-servers (http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/b.html#wp1358314), if the central site is down, the clients VPN tunnel established by ASA 3 (Ohio).

My questions: If the ASA primary is down, and the secondary (New York) take active, the clients that are connected in the primary will fall? Connection will be restored? And will that these clients will understand that there was failure and try to establish VPN tunnel with ASA Ohio (backup-server)?

Appreciate any help.

Thank you

1 REPLY

Re: Scenario DR - VPN Tunnel with Backup-Server

If your primary ASA fails, the secondary will take over it's IP and the VPN clients will try and connect to it. You can setup stateful failover which will share connections and the failover should be transparent to the end user. I've never used the backup server command, but after reading about it, it sounds like if both of your NY ASA's failed, then it would try Ohio.

268
Views
0
Helpful
1
Replies
CreatePlease login to create content