What is the best whay to setup a redundant site to site VPN.
We currently have 2 ASA5510's (8.2) at the HQ and several ASA5505's at remote sites. We would like to have the remote ASA's automatically switch over to the second ASA at the HQ when the primary path fails.
Dual peer adresses on the remote sites with reverse route injection at the HQ and a routing protocol at HQ doesn't work because the already RR exists when we setup the VPN, when it's not even connected.
Not entirely game over just yet - you could use IP SLA on the ASA's that could check the remote end via an ICMP check. If it fails, the ASA removed the route from it's local table and stops redistributing it - then the other ASA will have a valid route and will populate that back into the core.
So it is not possible to have EZVPN from 1 remote site using ASA5505s to access to 2 different HeadQuarter sites (using ACTIVE-BACKUP remote access & RRI only ) ? He have spoken this with Cisco representative, and he says we can do it...
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers. When we try to change the wiring and configuration, we run in to connectivity issues. Attached is a des...