Cisco Support Community
New Member

site-to-site VPN failover?

Is it possible to configure some type of automatic site-to-site VPN tunnel failover or standby? Scenario: I have 2 totally separate ASA-5540s at a central site, which have different circuits coming into them (hence, different outside IP addresses). If one of our remote sites (5510s and 5505s) that connects back to one of the 5540s fails, is there a way to configure an automatic failover site-to-site tunnel to the other 5540? Or is there some type of standby tunnel or something that can be configured?

2 REPLIES
Cisco Employee

Re: site-to-site VPN failover?

Aaron,

You should be able to achieve this by using Multiple Set Peer statements on the ASA5505 and ASA5510.

crypto map test 10 set peer 1.1.1.1

crypto map test 10 set peer 2.2.2.2

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c5_72.html#wp2066090

Regards,

Arul

*Pls rate if it helps*
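
An added example, not part of the reply above and not Cisco's own configuration: a remote-site (5505/5510) fragment that places the two-peer crypto map from the reply in context, in ASA 7.2-style syntax. The ACL and transform-set names, the subnets and the key placeholders are assumptions, and an ISAKMP phase 1 policy already enabled on the outside interface is assumed.

```cisco
! Constructed sample: remote LAN 192.168.10.0/24, central LAN 10.10.0.0/16
access-list VPN-TO-HQ extended permit ip 192.168.10.0 255.255.255.0 10.10.0.0 255.255.0.0

! Hypothetical transform-set name; match whatever both 5540s accept
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

crypto map test 10 match address VPN-TO-HQ
! Peers are tried in the order listed: 1.1.1.1 first, then 2.2.2.2
crypto map test 10 set peer 1.1.1.1 2.2.2.2
crypto map test 10 set transform-set ESP-AES256-SHA
! Assumption: backup LAN-to-LAN arrangement, where this side always
! initiates and each 5540 uses connection-type answer-only
crypto map test 10 set connection-type originate-only
crypto map test interface outside

! One tunnel-group per head-end, otherwise the backup peer cannot authenticate
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
 pre-shared-key <PSK-FOR-FIRST-5540>
 ! IKE keepalives (DPD) detect the dead peer so the next one is tried
 isakmp keepalive threshold 10 retry 2

tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 pre-shared-key <PSK-FOR-SECOND-5540>
 isakmp keepalive threshold 10 retry 2
```

Use a different pre-shared key for each head-end so that a key exposed on one tunnel does not also authenticate the other, and confirm with `show crypto isakmp sa` which peer is active after a failover test.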

New Member

Re: site-to-site VPN failover?

In this scenario, can we still use static crypto maps at the head-end site? If the head-end is set crypto map answer-only, then it cannot initiate a tunnel to the remote site? It will only be active if interesting traffic is being passed?
