Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA dual-path: IPSEC & frame-relay


I've read the notes in the following article, and I'm trying to do something similar, that I will describe...

I have a remote site to which I will build an IPSEC tunnel, terminated at the Outside Interface.   I also have a frame-relay conection to that same site, and that router is connected at interface "DMZ".  My prime path is going to be the IPSEC tunnel, and I understand it uses the ACL on the tunnel to 'route' traffic into it.  The backup path is going to be the frame-relay, using  a static route.    I might not even need to use the SLA-monitor method, since when the IPSEC tunnel goes down, the static route to the site over the DMZ interface (via frame-relay) will take over.    This begs the question:  what trumps what:   An ACL on an IPSEC tunnel, or a static route?    Which is preferred over the other?

I just need the primary path to be the IPSEC tunnel, and the backup path to be frame-relay.  --the path will move back to IPSEC when it becomes available again, after a failure....


Alex in MD.

Everyone's tags (3)
CreatePlease login to create content