Solved

Failover Site-to-Sive VPN

Posted on 2010-09-02
8
2,178 Views
Last Modified: 2012-05-10
I have a need to setup a failover VPN. I have two sites that each connect to the same remote site via a site-to-site VPN. The remote site has installed a failover internet connection and would like me to configure a failover VPN on my two sites.

So my two sites are a Cisco ASA 5505 and a SonicWALL TZ200 Wireless. How would I configure automatic failover VPN tunnels on my devices? Remember, I have a single Internet connection and the remote site has two Internet connections. Thanks.
0
Comment
Question by:mthsupport
  • 5
  • 3
8 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33588715
Of the site that has the two connections, do they have the Cisco or the Sonicwall?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33588756
If it is the sonicwall, then you can specify both public IP addresses in the SA.  Specify the failover in the secondary.  See the link below for a KB articles on this setting.  The articles are a little old, but the concept is still valid.http://www.sonicwall.com/downloads/Using_Secondary_IPSec_Gateway.pdfhttp://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4974
0
 

Author Comment

by:mthsupport
ID: 33591491
The remote site has a Cisco SA 540 Small Business Appliance.

Thanks for the info digitap. I'll look over that and see what I can do on the SonicWALL.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 33

Expert Comment

by:digitap
ID: 33591522
And it's the Cisco that has the failover Internet connection?
0
 

Author Comment

by:mthsupport
ID: 33595890
Yes, the Cisco SA 540 at the remote site has teh failover Internet connection. My two sites that connect to the remote site with SA have a SonicWALL TZ200W and a Cisco ASA 5505.

Remote site with Failover Internet
FW: Cisco SA 540
Internet connection 1 (primary)
Internet connection 2 (failover)

My site 1
FW: Cisco ASA 5505
Internet connection 1
VPN Tunnel 1 Primary
VPN Tunnel 2 Failover

My Site 2
FW: SonicWALL TZ200W
Internet connection 1
VPN tunnel 1 primary
VPN Tunnel 2 failover

How do I setup the failover VPN on my sites? The article for the SonicWALL you provided looks promising. But still nothing on the ASA.
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33596234
My experience with Cisco is minimal.  However, on the sonicwall, you want to put the public IP address of the Primary internet into the IPSec Primary Gateway field and the public IP address of the failover internet into the IPSec Secondary Gateway field.  There's not much needed on the Sonicwall.  When the primary fails, then the Sonicwall will try the secondary IP address.

Now, from your configuration, it looks like you have the primary and failover connect to BOTH Cisco routers, correct?  Are the two Cisco routers in a hardware failover configuration?
0
 

Author Comment

by:mthsupport
ID: 33626826
Here is how it is done on the ASA. And just like the SonicWALL the only way to failback over to the primary peer (gateway) is for the secondary peer (gateway) to fail. If the secondary peer never goes offline when the primary comes back online neither the ASA nor the SonicWALL will automatically failover to the primary peer (gateway).

1. Configure LAN to LAN normally. On remote end (with one ISP link) configure two peer IP address in same crypto map and specify pre-shared-key with both of peer’s IP.
2. Deed Peer detection is required (which is turned on ASA by default, on routers, you would need to enable it manually)
The attributes remain same and tunnel should come up fine with secondary incase VPN on primary goes down.


Digitap: Thanks for the guidance on the SonicWALL. You'll get all the points.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33627008
Thanks for the points!  Also, thanks for posting back a great description to your final solution!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question