Solved

Failover Site-to-Sive VPN

Posted on 2010-09-02
8
2,153 Views
Last Modified: 2012-05-10
I have a need to setup a failover VPN. I have two sites that each connect to the same remote site via a site-to-site VPN. The remote site has installed a failover internet connection and would like me to configure a failover VPN on my two sites.

So my two sites are a Cisco ASA 5505 and a SonicWALL TZ200 Wireless. How would I configure automatic failover VPN tunnels on my devices? Remember, I have a single Internet connection and the remote site has two Internet connections. Thanks.
0
Comment
Question by:mthsupport
  • 5
  • 3
8 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 33588715
Of the site that has the two connections, do they have the Cisco or the Sonicwall?
0
 
LVL 33

Expert Comment

by:digitap
ID: 33588756
If it is the sonicwall, then you can specify both public IP addresses in the SA.  Specify the failover in the secondary.  See the link below for a KB articles on this setting.  The articles are a little old, but the concept is still valid.http://www.sonicwall.com/downloads/Using_Secondary_IPSec_Gateway.pdfhttp://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4974
0
 

Author Comment

by:mthsupport
ID: 33591491
The remote site has a Cisco SA 540 Small Business Appliance.

Thanks for the info digitap. I'll look over that and see what I can do on the SonicWALL.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 33

Expert Comment

by:digitap
ID: 33591522
And it's the Cisco that has the failover Internet connection?
0
 

Author Comment

by:mthsupport
ID: 33595890
Yes, the Cisco SA 540 at the remote site has teh failover Internet connection. My two sites that connect to the remote site with SA have a SonicWALL TZ200W and a Cisco ASA 5505.

Remote site with Failover Internet
FW: Cisco SA 540
Internet connection 1 (primary)
Internet connection 2 (failover)

My site 1
FW: Cisco ASA 5505
Internet connection 1
VPN Tunnel 1 Primary
VPN Tunnel 2 Failover

My Site 2
FW: SonicWALL TZ200W
Internet connection 1
VPN tunnel 1 primary
VPN Tunnel 2 failover

How do I setup the failover VPN on my sites? The article for the SonicWALL you provided looks promising. But still nothing on the ASA.
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 33596234
My experience with Cisco is minimal.  However, on the sonicwall, you want to put the public IP address of the Primary internet into the IPSec Primary Gateway field and the public IP address of the failover internet into the IPSec Secondary Gateway field.  There's not much needed on the Sonicwall.  When the primary fails, then the Sonicwall will try the secondary IP address.

Now, from your configuration, it looks like you have the primary and failover connect to BOTH Cisco routers, correct?  Are the two Cisco routers in a hardware failover configuration?
0
 

Author Comment

by:mthsupport
ID: 33626826
Here is how it is done on the ASA. And just like the SonicWALL the only way to failback over to the primary peer (gateway) is for the secondary peer (gateway) to fail. If the secondary peer never goes offline when the primary comes back online neither the ASA nor the SonicWALL will automatically failover to the primary peer (gateway).

1. Configure LAN to LAN normally. On remote end (with one ISP link) configure two peer IP address in same crypto map and specify pre-shared-key with both of peer’s IP.
2. Deed Peer detection is required (which is turned on ASA by default, on routers, you would need to enable it manually)
The attributes remain same and tunnel should come up fine with secondary incase VPN on primary goes down.


Digitap: Thanks for the guidance on the SonicWALL. You'll get all the points.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33627008
Thanks for the points!  Also, thanks for posting back a great description to your final solution!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question