Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.

ASA Backup VPN

Hi Guys,

tried having a look on these forums but i coul;d not find an answer.

I am looking to configure a single ASA with a primary and backup/ redundant VPN.

The VPN remote endpoints will be a Cisco 3825 IOS router. I am aware of the

crypto map map-name seq-num set connection-type originate-only command and specifiy a number of Endpoints. But it appears this only works asa-asa.

I have also tried this to no avail

crypto map outside_vpn 11 match address VPN-TO-CUSTA

crypto map outside_vpn 11 set peer CUSTA_ENDPOINT_A

crypto map outside_vpn 11 set transform-set strong

crypto map outside_vpn 12 match address VPN-TO-CUSTA

crypto map outside_vpn 12 set peer CUSTA_ENDPOINT_B

crypto map outside_vpn 12 set transform-set strong

bear in mind that the remote endpoints are different IPs on differet boxes.

Can someone help me here.



========================== A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

Re: ASA Backup VPN

You need to create an SA from public ip of ASA to RouterA and public ip of ASA to RouterB to make this work, tunnel should be set to Originate only on your ASA. On your routers, you also need to define an SA fro public of routerA to ASA public, and from Public of RouterB to ASA too (SA=Crypto ACL) as far as I remember this is what you need, since ASA creates SA's to the peers as soon as you have the originate only setup. Another ASA will do it automatically but with routers you need to do it manually.

CreatePlease to create content