Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Creating a backup site to site vpn tunnel on single ASA5510

I have a dilema. I have a Ciso ASA 5510 that has a site to site VPN with an ASA5505.  There is a need to create a seperate tunnel going out on the ASA5510 using a seperate ISP. This would be a backup tunnel.

Has anyone doen the seperate crypto maps and routing before ?

My understanding is that I can not run a routing protocol over ipsec without a GRE tunnel.  So it looks like I am stuck with statics.

1 REPLY

Re: Creating a backup site to site vpn tunnel on single ASA5510

Hi,

You can create both tunnels on the 5510 on a separate interface, and both tunnels going to the 5505.

Just need to apply the crypto map to both interfaces, and via static routes give preference to one path over the other.

On the 5505 under the crypto map, specify two peers.

That's right, on ASA's you can run dynamic routing protocols but not over plain IPsec.

Federico.

1101
Views
0
Helpful
1
Replies
CreatePlease to create content