Cisco Support Community
New Member

Domain based IPSEC VPN


Currently we have 2 ISPs for Internet. We need to achieve redundancy for IPSEC VPN using the domain.

Requirement :

  1. We will configure a domain and assign two public IP addresses from 2 service providers. We will set the priority for the public IP addresses and do the manual change during an ISP failure.
  2. We will provide the domain name to the clients to set up the IPSEC VPN.
  3. So in case of failure by one ISP, we will change the priority in the domain to point to the available address.
  4. That way we can reduce the downtime, with no need to configure new IPSEC VPN tunnels.

Question :

  1. Can we achieve this on a Cisco ASA 5520?
  2. Or do we have an alternate solution to overcome this?

Can someone help us?

New Member

Domain based IPSEC VPN


I am not sure about domains but yes you can achieve redundancy between 2 ISP links over IPSec VPN.

I have done the same and it is in production.

The only difference is I am using a 2851 router with 2 different links from 2 different ISPs.

You will need to create a loopback tunnel to the peer IP and set it for session based.

We have also encrypted the link by using crypto on both the interfaces.

