Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
260
Views
0
Helpful
3
Replies

multiple site to site from single asa

manekdamu
Level 1
Level 1

‎08-05-2014 09:12 AM

 

Dear geeks,

I have two locations say HO and DR.

HO have two internet links one LL (connected to asa )  and one ADSL.(connected to pix)

DR having one internet ADSL. (connected to asa) 

Now i have a site to site from LL ho to adsl DR. i want to configure another tunnel from the ADSL HO to ADSL DR.

when the second tunnel comes up the DR ASa will have two tunnels to two sperate public ips with the same crypto and no nat acls since the source and dest internal networks to be protected are same for both the tunnels

is this possible and if both the tunnel comes up which tunnel the asa in the dr will send traffic to and is there any  other solution this cane be made to work

thanks for the help.

 

thanks

Manek

 

 

Labels:
0 Helpful
3 Replies 3

nkarthikeyan
Level 7
Level 7

‎08-05-2014 10:18 AM

Hi,

 

We can make dual l2l tunnel configured @ DR end.

 

http://cuckoonetworks.blogspot.in/

 

http://networkology.net/2013/03/08/site-to-site-vpn-with-dual-isp-for-backup-redundancy/

 

Regards

Karthik

0 Helpful

manekdamu
Level 1
Level 1
In response to nkarthikeyan

‎08-05-2014 01:46 PM

 

Dear karthik,

 

THanks for the reply.

do you mean i mention two peer ip addresses in a single crypto map ??

one ip address for leased line internet  in ho and secondary ip for the adsl public ip in ho ?

the peer ip one two in this the ip one gets most priority and if the ip one is not reachable the dr fw will try the ip two , is that how it works ??

thanks for your advise.

 

thanks

manek

 

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to manekdamu

‎08-05-2014 09:13 PM

Hi Manek,

 

Yes you are correct...... HO has 2 internet links in which one is via leased line and other one via ADSL..... LL/ASA will have a L2L connectivity to DR and ADSL/Pix will have L2L connectivity to DR, which is a normal scenario.

 

On you DR, you need to configure 2 Peers as stated in blogs in the same crypto-map.... peers....

1st Ip will be primary and second peer ip will be standby... if primary fails, then traffic will be thru secondary peer... i.e. via ADSL....

 

Regards

Karthik

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents