Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

failover for Site to Site VPN

Hi,

I have configured ISP failover on ASA 5510 its working fine, when Primary ISP fails, Traffic is shifting to secondary ISP. On the ASA i have configured Site to Site VPN its working fine on primary ISP, Can any body suggest me when failover happens to the secondry ISP. Site to Site VPN should work on the secondry ISP.

regards,

Raghu

3 REPLIES

Re: failover for Site to Site VPN

Hi,

If the ASA has two interfaces connecting to two ISPs then you can have redundancy (if one ISP fails, the other starts working).

With IP SLA you can track the connection to have the ASA fallback to the primary ISP when it recovers.

Regarding the VPN, the crypto map should be applied to the backup interface so that when the routing triggers the backup ISP, the tunnel will be establish to the backup interface on the ASA.

If it's a site-to-site, the other end of the tunnel should have the peer set to the primary connection of the ASA and have a secondary peer set to to the backup connection.

Hope it makes sense.

Federico.

New Member

Re: failover for Site to Site VPN

Hi,

Redundancy of ISP is working fine, Now i need to configure the Site to Site tunnel For secondry link,

Thanks for the Replay, Please provide me any doucment to configure the secondry peer.

Thanks & Regards,

Raghu

New Member

failover for Site to Site VPN

Hello

How do you set this up?

797
Views
0
Helpful
3
Replies
CreatePlease to create content