Hi any one,
I have the diagram:
LAN -- Core Switch 3750X -- Firewall ASA 5515X --- MPLS --- Firewall ASA 5515X --- LAN
I configure Site to site VPN through MPLS line.
Now, I have one question:
How can I configure the firewall that comply with the above diagram means if the active link dies, firewall forward the packet to the standby link ?
Please answer me.
When failover will happen, IP and Mac-address will be swapped between Primary and Secondary unit. So tunnel between P-P ASA should move to P-S ASA.
Thanks for your answer.
I will configure Firewall with mode Active - Passive to Site to site VPN between 2 Site.
Howerver, with mode Active - Passive, if the active link dies, all packet will run on the standby link or all packet will be dropped?
Packets will be dropped, since we need to establish new ipsec tunnel.
Ok, another question: if the active link dies, firewall will route the packet to the stanby link automatic or we must configure manual.
Thanks for your supports.
Firewall will route the packets to standby automatically cause it will be owner of address which is specified in the peer, no manual intervention is required.
Please rate helpfull posts
Thank you very much.