Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to Site VPN from 3G router to ASAfor MPLS backup

Hi All

I am trying to configure my ASA 5520 to use a site to site VPN to a remote site.  My remote site is on an MPLS.  I have my provider at a 3G router on site to use as a hot failover for the MPLS link.  So far, I have been able to get the site to site IPSec tunnel built, but once it is built, I cannot route traffic to my remote site over it.

I think its because normally I have a route specified for 10.0.0.0/8 (all my remote sites are 10.0.X.0/24) to route traffic to my MPLS router (192.168.2.1).  So in the event that a sites MPLS link goes down, traffic from my end is still going to route traffic to the down site over that router and not the site to site tunnel.  That route has to stay in because my regular VPN users use this ASA as well, and they need to get to all the sites on the MPLS.

So my question is, is there any way to set the ASA to notice when the remote site (10.0.98.0 in my example) is down, and switch to routing that traffic over the site to site tunnel?  I guess it would need a route to the outside interface for this to happen?

Hope that made sense!  I am attaching my config for my ASA

Everyone's tags (3)
606
Views
0
Helpful
0
Replies