Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA5505 2nd tunnel to fail over to 2nd network

Hello

We have remote sites using Cisco ASA5505s - we link into the Network via  Data Centre 'A'. we now have a Disaster Recovery Server at Data Centre 'B' (in a different geographical Location) is it possible to configure the ASA5505 so that if Data centre 'A' goes down then the ASA5505 would pick up either automatically or on a reboot Data Centre 'B' (the peer address being different at each Data Centre)

help would be appreciated, many thanks in anticipation

derek

1 ACCEPTED SOLUTION

Accepted Solutions

It is. Just set your backup

It is. Just set your backup crypto map to have a lower priority (higher crypto map number) than the primary one, but using the same definition ACL. When the primary fails to negotiate, the next one will be used.

3 REPLIES

It is. Just set your backup

It is. Just set your backup crypto map to have a lower priority (higher crypto map number) than the primary one, but using the same definition ACL. When the primary fails to negotiate, the next one will be used.

New Member

Many thanks Jody I will try

Many thanks Jody I will try that, I was also thinking about the use of DNS? have you any views on that please

derek

DNS typically doesn't work

DNS typically doesn't work for security appliances. They like to have solid IP addresses, possibly because DNS will allow the potential for a VPN to be redirected to another host, compromising the security of the channel.

28
Views
0
Helpful
3
Replies