Cisco Support Community
Community Member

Binding crypto map to two interfaces

I have the following setup in mind:-

Site 1

Inside network 192.168.0.0

Outside interface (connected to main link) 1.1.1.1

Backup interface (connected to ISP) 2.2.2.2

Site 2

Inside network 192.168.1.0

Outside interface (connected to main link) 3.3.3.3

Backup interface (connected to ISP) 4.4.4.4

What I would like is to:-

i. Normally create IPsec between the two sites using the links on the "outside interface" between 1.1.1.1 and 3.3.3.3

ii. Create a 2nd rule, so if the "main" link is down that it uses the link 2.2.2.2 and 3.3.3.3

Any ideas how this could be achieved using a single ASA 5510 at each site? I thought of creating a single map with multiple peers at site one, using static mapping to tell the ASA to direct traffic for 2.2.2.2 via the 2nd interface, but when I come to bind the crypto map I realise that each rule can only be bound to one interface.

I have the same situation but in reverse at site two.

2 REPLIES
Community Member

Re: Binding crypto map to two interfaces

Hello... since it looks like you have two interfaces on the ASA and two ISPs, perhaps you can use IP SLA per the link below.

http://www.inacom-sby.net/Shawn/post/2007/11/Cisco-IP-SLA-for-failover.aspx

Here's another link with a PIX that shows how to configure the interfaces (global) and NAT.

Hope it helps.

Community Member

Re: Binding crypto map to two interfaces

Sorry... I re-read this and realize your ASA is the VPN terminating device. I used the IP SLA with a VPN router behind the ASA.
