Redundant L2L IPSec Tunnel between HQ and Branch office
I've a scenario where HQ got an internet leased line (static IP) and Branch office got one Internet leased line (Static IP ) and ADSL line (dynamic IP).
Normally branch office communicates to data center using IPSec tunnel via internet leased line. I want to establish an automatic L2L IPSec tunnel between Branch office and data center via ADSL line if internet leased line at Branch office goes down.
HQ got Cisco ASA 5540 whereas Branch office terminates internet leased line on ASA 5520 and ADSL terminates on Cisco 2811.
Please note that Crypto domain for bother Primary and Secondary IPSec tunnel is same and ADSL got dynamic IP address. Also share your thoughts if I can create backup tunnel using Dynamic DNS (for ADSL) and mentioning hostname ( rather IP address ) of remote peer on HQ ASA.
Re: Redundant L2L IPSec Tunnel between HQ and Branch office
One way i can think of this being done is as below:
1) Configure SLA monitoring on the core switch in Branch office to switch traffic from the Leased line to the ADSL line if the leased line goes down.
2) Leave the static crypto map that is already in place at the headend. Configure a dynamic crypto map and associate it to the static crypto map with a higher sequence number.
3) Configure VPN on the router terminating the ADSL line to the ASA 5540.
This should take care of the VPNs and the fallback mechanism. Please ensure you have isakmp keepalives configured on all the devices in concern so that the VPN goes down if the internet line goes down.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...