We have a customer who has two ISPs for redundancy. We have placed a Cisco ASA 5505 (running 8.4(2)8) at the customer site. In our data center, we have a Cisco ASA 5520 (running 8.2(5)13).
Please see the attached image.
The ASA 5505 supports Dual ISPs, so we have set up two outside interfaces, called "outside" and "backup". We have set up tracking of the default gateway of the "outside" interface, so the default gateway of "backup" should take over in case of an outage on interface "outside".
At first, I tried to set up EzVPN from the 5505 to our central 5520. Sadly, EzVPN with Network Extension only supports one inside interface (the one with the highest security level). Too bad, since IOS supports multiple inside interfaces.
So, since I need more than one inside interface, I'm going to try to set up LAN to LAN between the 5505 and 5520. How do I do this? The 5520 has only one external IP. On the 5505, I can only apply the same crypto map to one interface.
Is there any way to set up the LAN to LAN to be able to use the "backup" interface to establish a VPN to the 5520 if the "outside" interface fails?