Cisco Support Community

How to backup Remote Access VPN in a PIX

Hi all,

I've got a Remote Access VPN up and running on a PIX Firewall. The VPN sessions are established through the outside interface (connected to an ISP).

Now I want to back up this connection with another ISP. Obviously I need to configure another interface (with a public IP address) and set the “crypto map” and the “crypto isakmp” to be enabled on this new interface, but the problem is the route (the default gateway must change when the outside interface is not available).

What are the options to backup the remote access VPN? Is it possible to do that configuration?

Thx in advance

/mserrao

2 ACCEPTED SOLUTIONS


How to backup Remote Access VPN in a PIX

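To set up interface tracking on your ASA...

sla monitor 1
 type echo protocol ipIcmpEcho 4.2.2.1 interface OUTSIDE1
 frequency 30
! start the probe; an SLA operation without a schedule never runs
sla monitor schedule 1 life forever start-time now
!
sla monitor 2
 type echo protocol ipIcmpEcho 4.2.2.2 interface OUTSIDE2
 frequency 30
sla monitor schedule 2 life forever start-time now
!
track 1 rtr 1 reachability
track 2 rtr 2 reachability
!
! <ISP1-gateway> and <ISP2-gateway> are placeholders for each ISP's next-hop address
route OUTSIDE1 0.0.0.0 0.0.0.0 <ISP1-gateway> 1 track 1
route OUTSIDE2 0.0.0.0 0.0.0.0 <ISP2-gateway> 2 track 2
!
! host routes pin each probe target to its own interface
route OUTSIDE1 4.2.2.1 255.255.255.255 <ISP1-gateway> 1
route OUTSIDE2 4.2.2.2 255.255.255.255 <ISP2-gateway> 1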

Is that what you are looking for?

Kind Regards,

Kevin


Kind Regards, Kevin Sheahan, CCIE # 41349
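
A config lint for the tracked dual-ISP setup discussed above, as an added example (not code from the thread or from Cisco). It assumes PIX/ASA 7.x-8.x command syntax; the `audit` function, the sample config, the gateway addresses and the `VPNMAP` name are constructed for illustration.

```python
import re

# Constructed sample, not from the thread. 192.0.2.1 and 198.51.100.1 are
# documentation-range stand-ins for the two ISP next hops; VPNMAP is made up.
SAMPLE = """\
sla monitor 1
 type echo protocol ipIcmpEcho 4.2.2.1 interface OUTSIDE1
 frequency 30
sla monitor schedule 1 life forever start-time now
sla monitor 2
 type echo protocol ipIcmpEcho 4.2.2.2 interface OUTSIDE2
track 1 rtr 1 reachability
track 2 rtr 2 reachability
route OUTSIDE1 0.0.0.0 0.0.0.0 192.0.2.1 1 track 1
route OUTSIDE2 0.0.0.0 0.0.0.0 198.51.100.1 2 track 2
route OUTSIDE1 4.2.2.1 255.255.255.255 192.0.2.1 1
crypto map VPNMAP interface OUTSIDE1
crypto isakmp enable OUTSIDE1
"""

def audit(config):
    """Return sorted findings for a tracked dual-ISP remote-access VPN config."""
    probes = {n: (ip, ifc) for n, ip, ifc in re.findall(
        r"^sla monitor (\d+)\n\s+type echo protocol ipIcmpEcho (\S+) interface (\S+)",
        config, re.M)}
    scheduled = set(re.findall(r"^sla monitor schedule (\d+) ", config, re.M))
    tracks = dict(re.findall(r"^track (\d+) rtr (\d+) reachability", config, re.M))
    routes = re.findall(
        r"^route (\S+) (\S+) (\S+) (\S+)(?: \d+)?(?: track (\d+))?$", config, re.M)
    out = []
    for n, (ip, ifc) in probes.items():
        if n not in scheduled:
            out.append(f"sla {n}: no 'sla monitor schedule', probe never starts")
        if (ifc, ip, "255.255.255.255") not in {r[:3] for r in routes}:
            out.append(f"sla {n}: no host route pinning {ip} to {ifc}")
    for ifc, dest, mask, gw, track in routes:
        if not re.fullmatch(r"\d+(\.\d+){3}", gw):
            out.append(f"route {ifc} {dest}: next-hop gateway missing")
        if (dest, mask) != ("0.0.0.0", "0.0.0.0"):
            continue
        # A default route must follow the probe sent out of its own interface.
        if probes.get(tracks.get(track), ("", ""))[1] != ifc:
            out.append(f"default via {ifc}: not tracked by a probe on {ifc}")
        # Remote-access VPN must terminate on every ISP-facing interface.
        for label, pat in (("crypto map", rf"^crypto map \S+ interface {re.escape(ifc)}$"),
                           ("crypto isakmp", rf"^crypto isakmp enable {re.escape(ifc)}$")):
            if not re.search(pat, config, re.M):
                out.append(f"{ifc}: {label} not enabled on this interface")
    return sorted(out)
```

Running `audit(SAMPLE)` reports the four gaps left on the backup path: the unscheduled second probe, its missing host route, and the crypto map and ISAKMP not being enabled on OUTSIDE2.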

How to backup Remote Access VPN in a PIX

Hi Mserrao,

Please follow the link below, which explains step by step, with descriptive explanations, how to set up primary and backup ISP redundancy.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

As far as your VPN clients are concerned, if you have an FQDN for your public address (for VPN client use), then you must have both of your public IPs (i.e. the new and the old public IP) assigned to your VPN's FQDN, so that when one circuit is not available, your VPN client software will try the second public IP, which the FQDN also points to.

Hope this helps.

Thanks

Rizwan Rafeek

4 REPLIES


How to backup Remote Access VPN in a PIX

Thx for your helpful reply

Regards

/mserrao
