What is the best whay to setup a redundant site to site VPN.
We currently have 2 ASA5510's (8.2) at the HQ and several ASA5505's at remote sites. We would like to have the remote ASA's automatically switch over to the second ASA at the HQ when the primary path fails.
Dual peer adresses on the remote sites with reverse route injection at the HQ and a routing protocol at HQ doesn't work because the already RR exists when we setup the VPN, when it's not even connected.
Not entirely game over just yet - you could use IP SLA on the ASA's that could check the remote end via an ICMP check. If it fails, the ASA removed the route from it's local table and stops redistributing it - then the other ASA will have a valid route and will populate that back into the core.
So it is not possible to have EZVPN from 1 remote site using ASA5505s to access to 2 different HeadQuarter sites (using ACTIVE-BACKUP remote access & RRI only ) ? He have spoken this with Cisco representative, and he says we can do it...
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...