Redundant L2L VPN Tunnel between ASA and 2 IOS Routers ?
Hello, we have some ASA and PIX devices connected to an IOS Router in our main datacenter using IPSec L2L tunnels.
Is it possible to create a "backup tunnel" between such a PIX/ASA and another IOS Router in our backup datacenter?
We would like the traffic to use the main tunnel if it is up, but to automatically switch to the "backup tunnel" in case the primary one fails. Main and backup IOS Router are located in the same LAN and are talking OSPF. I know it is possible to add multiple peers to a crypto map on the ASA, but I don't know how to route this on the datacenter routers.
Re: Redundant L2L VPN Tunnel between ASA and 2 IOS Routers ?
thanks for your reply. I am still not sure about the routing.
On the ASA I will have a static route pointing to the outside interface, won't I? How does the ASA decide to use the primary peer if it is up, but to use the secondary in the other case?
Can I trigger the routes on the routers based on the status of the IPSec tunnel? How will the backup router know that the tunnel on the primary router fails (only that specific tunnel or the primary router's internet line, but not the whole primary router)?