I have two internet connections terminating on my ASA5510, with ISP failover there. Remote access VPN is configured on the device. Normally users dial my primary IP address from the remote end using the VPN client software, and if the primary is not available they dial the secondary IP address. My question is: can I replace the two dialers in the VPN client software with a single one? That means a user can connect to the network using a single dialer, without bothering about which connection is available. Expecting replies.
That is possible only by dialing the ASA with a domain name.
I have configured this successfully for one customer, like what you are expecting. You need to register a domain name like vpn.cisco.com, then assign both your primary ISP IP address with the pointer value of 5 and your secondary ISP IP address with the pointer value of 10 in the public DNS server.
In the normal scenario, people dial the domain name to connect to the VPN. Since your primary link is up, the primary ISP IP address will be resolved by the public DNS server, and the user can connect with the primary IP address.
If your primary ISP link is down, the primary ISP IP address will not be resolved by the DNS server, and the DNS server will resolve the secondary ISP IP address. The users can then connect to the VPN with the secondary ISP IP address. There will be no service impact to the users.
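A check an administrator could run to see which of the two ASA outside addresses the VPN hostname currently resolves to, and to flag an answer that is neither of them. This is an added example, not part of the thread; the hostname `vpn.example.com` and both addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample values (documentation address ranges), not from the thread.
PRIMARY = "192.0.2.10"       # assumed primary ISP address of the ASA
SECONDARY = "198.51.100.10"  # assumed secondary ISP address of the ASA


def system_resolver(hostname):
    """Return the IPv4 addresses the local resolver gives for hostname, in order."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    seen = []
    for info in infos:
        addr = info[4][0]
        if addr not in seen:
            seen.append(addr)
    return seen


def classify_vpn_dns(hostname, primary, secondary, resolver=system_resolver):
    """Report which ASA outside address the VPN hostname currently points to."""
    try:
        answers = [str(ipaddress.ip_address(a)) for a in resolver(hostname)]
    except (socket.gaierror, ValueError) as exc:
        return {"state": "unresolved", "answers": [], "unexpected": [],
                "detail": str(exc)}
    known = {primary: "primary", secondary: "secondary"}
    unexpected = [a for a in answers if a not in known]
    if not answers:
        state = "unresolved"
    elif unexpected:
        state = "unexpected"   # answer is neither ASA address: investigate
    elif len(answers) > 1:
        state = "both"         # both records served; the client picks the order
    else:
        state = known[answers[0]]
    return {"state": state, "answers": answers, "unexpected": unexpected}


if __name__ == "__main__":
    # vpn.example.com is a placeholder hostname.
    print(classify_vpn_dns("vpn.example.com", PRIMARY, SECONDARY))
```

Run it from a host outside the network during a failover test: the state should move from `primary` to `secondary` once the primary link is down and the cached record has expired.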