Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

S-S VPN between ASA and ASR1001

Hello

 

we have 2 ASR routers at HQ connected to ISP and there are new remote sites that needs to be connected to HQ via site to site VPN. Each remote branch will have ASA, The outside IPs of both ASRs are in same subnet. 

 

1. Is it possible to acheive redudancy in HQ side in this design ? 

2. Can i create L2L tunnels to both ASRs ? If yes how can i make 1 tunnel active and other secondary ?

 

                                                                                                                    |ASR1

  Users--------L3SW--------ASA---------------ISP----------CPE---------------|

                                                                                                                    |ASR2

 

Any suggestions are welcome

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

There are two ways:Stateful

There are two ways:

  1. Stateful Failover for IPsec
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpn-availability-15-mt-book/sec-state-fail-ipsec.html
    http://packetlife.net/blog/2009/aug/17/fun-ipsec-stateful-failover/
  2. VPN-config with two peers an the ASA.
    Here you have two individual gateways on the HQ and the ASA has two tunnel-groups fr both gateways but only one sequence in the crypto-map. The peer-statement has both HQ-IPs configured.
1 REPLY
VIP Purple

There are two ways:Stateful

There are two ways:

  1. Stateful Failover for IPsec
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnav/configuration/15-mt/sec-vpn-availability-15-mt-book/sec-state-fail-ipsec.html
    http://packetlife.net/blog/2009/aug/17/fun-ipsec-stateful-failover/
  2. VPN-config with two peers an the ASA.
    Here you have two individual gateways on the HQ and the ASA has two tunnel-groups fr both gateways but only one sequence in the crypto-map. The peer-statement has both HQ-IPs configured.
133
Views
0
Helpful
1
Replies
CreatePlease to create content