Multiple tunnels to the same office using a single peer address
I need to pick your brain on an upcoming project.
Basically, we have a single ASA device currently connected to one of our partner offices. They've recently been given orders by their security specialist to have a second tunnel as backup connected to our office (as per the attached diagram).
What they will do on their end is to have some kind of IP SLA to monitor the primary VPN and then reroute the traffic to the backup VPN.
But we only have one single ASA on our side.
1. Is it possible to configure multiple tunnels to the same office using one peer address?
2. How will the two react with each other since they are connected to the same office? Note that we will have the same access-list on both tunnels.
All you need is a different peer address at the other end. As per your information, they are going to have two ISP links, and one will act as the primary and the other as the backup. At your end you have to configure tunnels for both peer addresses at the other end. As you said, IP SLA and monitor will take care of the tunnel backup and switchover.
You can check my blog as well for dual S2S at both ends. If you have another ISP, you can configure dual VPN at your end as well.
When you have single ISP at one end and dual ISP at other end then....
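As an added illustration (not part of the original thread or the poster's blog), this is one way the single-ASA side could be configured for a partner with two peer addresses: one crypto map entry that lists both peers and references the access-list once. It assumes ASA 8.4+ syntax with IKEv1; all object names, subnets, peer addresses (documentation ranges) and keys are placeholders.

```cisco
! Constructed example: names, subnets, peer IPs and keys are placeholders.
! Interesting traffic, defined once and shared by both remote peers.
access-list VPN_PARTNER extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! Phase 2 proposal (must match what the partner configures on both links).
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! One crypto map entry with two peers: primary first, backup second.
! When the ASA initiates, it tries the peers in the order listed.
crypto map OUTSIDE_MAP 10 match address VPN_PARTNER
crypto map OUTSIDE_MAP 10 set peer 198.51.100.10 203.0.113.10
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside

! Phase 1 policy and IKEv1 enabled on the outside interface.
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 enable outside

! A tunnel-group per remote peer address, each with its own pre-shared key.
tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <PSK-PRIMARY>
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key <PSK-BACKUP>
```

After a failover test, `show crypto isakmp sa` and `show crypto ipsec sa peer 203.0.113.10` show which remote peer currently holds the tunnel.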