Site to Site VPN from 3G router to ASA for MPLS backup
I am trying to configure my ASA 5520 to use a site to site VPN to a remote site. My remote site is on an MPLS. I have my provider at a 3G router on site to use as a hot failover for the MPLS link. So far, I have been able to get the site to site IPSec tunnel built, but once it is built, I cannot route traffic to my remote site over it.
I think it's because normally I have a route specified for 10.0.0.0/8 (all my remote sites are 10.0.X.0/24) to route traffic to my MPLS router (192.168.2.1). So in the event that a site's MPLS link goes down, traffic from my end is still going to route traffic to the down site over that router and not the site to site tunnel. That route has to stay in because my regular VPN users use this ASA as well, and they need to get to all the sites on the MPLS.
So my question is, is there any way to set the ASA to notice when the remote site (10.0.98.0 in my example) is down, and switch to routing that traffic over the site to site tunnel? I guess it would need a route to the outside interface for this to happen?
Hope that made sense! I am attaching my config for my ASA.