Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
312
Views
0
Helpful
1
Replies

VPN Failover within the same ASA

bwgray
Level 1
Level 1

‎05-22-2009 06:43 AM - edited ‎02-21-2020 03:28 AM

Hi Everyone,

I'm working out a concept here and want to know if this can be done. On an ASA I would like to have 2 different interfaces connect to 2 different ISP's - one primary, one backup. As well I will be running VPN tunnels across the links.

What I want to know is if I have a tunnel established over ISP A to our remote site, and it fails, is there a way to have the state information and tunnel moved over to ISP B, on the same ASA device?

Thanks!

0 Helpful
1 Reply 1

Farrukh Haroon
VIP Alumni
VIP Alumni

‎05-24-2009 05:48 AM

First of all ASA does not support multiple default routes (out different interfaces), so you can't do an active-active ISP setup. It also does not support PBR.

AFAIK, you cannot achieve stateful VPN failover in this manner. You could set 'two' crypto map peer statements on the other side, but this will not give you stateful failover.

Cisco recommends IOS routers for L2L setups, as they are more feature rich in this regard.

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card