Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
693
Views
0
Helpful
1
Replies

VPN over redundant lines

ivarstrandberg
Level 1
Level 1

‎12-12-2011 04:16 AM

Hi.

We have a customer who has two ISPs for redundance. We have placed a Cisco ASA 5505 (running 8.4(2)8) at the customer site. In our data center, we have a Cisco ASA 5520 (running 8.2(5)13).

Please see the attached image.

The ASA 5505 supports Dual ISPs, so we have set up two outside interfaces, called "outside" and "backup". We have set up tracking of the default gateway of the "outside" interface, so the default gateway of "backup" should take over in case of an outage on interface "outside".

At first, I tried to set up EzVPN from the 5505 to our central 5520. Sadly, EzVPN with Network Extension only supports one inside interface (the one with the highest security level). Too bad, since IOS supports multiple inside interfaces.

So, since I need more than one inside interface, I'm going to try to set up LAN to LAN between the 5505 and 5520. How do I do this? The 5520 have only one external IP. On the 5505, I can only apply the same crypto map to one interface.

Is there any way to set up the LAN to LAN to be able to use the "backup" interface to establish a VPN to 5520 if the "outside" interface fails?

Labels:
Preview file
37 KB
0 Helpful
1 Reply 1

ivarstrandberg
Level 1
Level 1

‎01-18-2012 01:58 AM

Bump

0 Helpful
Customers Also Viewed These Support Documents