Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Reg: Dynamic Switching in VPN client for Dual ISP

Dear Experts,

I was enclosed my network scenario.

I have two ISP connections. One is primary and other one is secondary.

Regardsing Primary ISP, i have two types of IPs. One is WAN IP pool and other one is public pool to used for DMZ.

WAN ip i configured in Router outside interface and LAN public pool  i configured between Router inside interface and Firewall outside interface( Firewall is accessble from internet with the public IP configured on outside interface)

In firewall i terminated Secondary ISP directly on interface called backup.

Firewall configured for ISP failover with sla tracking and its working fine. And firewall also configured for IPSec remote access VPN for mobile users. This is also working fine.

But here i am facing problem with VPN users that whenever primary ISP link was down the VPN user has getiing disconnecting. The user has manullay shifted to the secondary ISP that was configured in VPN client software in user machine.

Is there any way of shifting dynamically one ISP to another ISP when one of ISP got problem.



Cisco Employee

Reg: Dynamic Switching in VPN client for Dual ISP

Moved thread to the correct community.


Reg: Dynamic Switching in VPN client for Dual ISP

This is an IPSec Tunnel. There is no way when the IPSec tunnel goes down for interesting traffic to be active.

So, when there is a failure on the ISP Primary, the Tunnel has to be re-established from the clients with the Secondary one. and I am afraid a manual intervention is required here.

If you need to have such redundancy, you need to have both IPSec tunnels UP, and this is not possible since your ASA is configured with Active/Standby Tracking SLA.



CreatePlease to create content