but this seems to be only in the case where 1 of the 2 endpoints is multihomed. I've got a scenario where I've got an ASA at a site with a 10 meg main line, 1.5 T1 backup and the same at the distant site. What strategy do people employ to get backup tunnels in this case? Do you set up for all 4 possbilities (10 to 10, 10 to 1.5, 1.5 to 10 and 1.5 to 1.5) or do you pair up the fast ones with one crypto map on each end (10 to 10) and another crypto map on each end (for the 1.5 to 1.5), then add some sort of routing protocol like OSPF over the top? Or do you track routes with a backup and track reachability?
What's the best strategy here? I would be fine saying "if my fast pipes are up, let's go 10 meg to 10 meg" and if one of them fails we fall back to the 1.5 to 1.5" but obviously routes will have to be shuffled here.
I can't be the only person who has multihomed ASA devices doing l2l at 2 locations. Any guidance from a guru would be most appreciated.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...