Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Redundant ISP and IPSEC - ASA 5505

I'm after a bit of advice concerning the ASAS5505 with IP Plus. I am aware it can do redundant ISP links using a basic IP track. My question is if I have two of these will my IPSEC tunnels work and switch outbound routes ok?

I intend to have two ISP on one end and just 1 on the other end. In the event one of the DSL lines failed on the dual ISP and internet traffic failed over to the backup would I have any issues with getting my VPN to switch?

I have done something similar with a router in front of PIX before which worked ok using multiple peer addresses.

Thanks guys,


Re: Redundant ISP and IPSEC - ASA 5505

The two units in a failover configuration must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM.

Make sure that The two units do not need to have the same size Flash memory. If you use units with different Flash memory sizes in your failover configuration, make sure the unit with the smaller Flash memory has enough space to accommodate the software image files and the configuration files. If it does not, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory fails.

Here is the URL for the configuaration with example it may help you

CreatePlease login to create content