
Cisco ASA - backup VPN connection failover

Posted on 2011-03-07
Last Modified: 2012-06-27
A customer has an existing Cisco ASA (ASA1) providing primary Internet and remote site VPN connectivity. One of the site-to-site VPN connections (Site X) is critical to the organization, so they need to implement a backup/failover VPN to Site X using a 2nd ASA (ASA2) connected to another ISP. Both ASAs are in place (ASA2 is currently only handling an incoming remote VPN connection).

We need to somehow configure failover for the Site X VPN - if ASA1 (or its ISP connection) fails, we need the traffic destined for Site X to automatically fail over to the Site X VPN through ASA2/ISP2. We don't care about load-balancing at this point, just failover for VPN connectivity.

Thanks, and as always, reference docs/links are appreciated!
Question by:cfan73

Accepted Solution

by: MikeKane (earned 2000 total points)
For the remote site, I think you need 2 things.

First, you need to make sure you've set up the redundant ISP config on the ASA.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
With that, if the primary ISP fails, the 2nd ISP becomes active as the default gateway.  

Second, in the VPN config at the remote site, you need to add the 2nd ASA IP as the 2nd peer address.  

You probably have a "CRYPTO MAP <name> SET PEER x.x.x.x" setup in the VPN section. You just add the 2nd IP inline: "CRYPTO MAP <name> SET PEER x.x.x.x y.y.y.y"
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c5_72.html#wp2066090
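
An added example, not part of the answer above or of Cisco's documentation: a Python check over a remote-site ASA running-config that reports crypto map entries with no second peer and whether a tracked default route has a fallback on another interface. The config text, map and interface names and addresses are constructed, and the patterns assume the ASA forms "crypto map <name> <seq> set peer ..." and "route <if> 0.0.0.0 0.0.0.0 <gw> [metric] [track <id>]".

```python
import re

# Constructed sample of the remote-site ASA config (documentation addresses).
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 203.0.113.129 254
crypto map OUTSIDE_MAP 10 match address SITE_X_ACL
crypto map OUTSIDE_MAP 10 set peer 192.0.2.1 198.51.100.1
crypto map OUTSIDE_MAP 20 match address BRANCH_ACL
crypto map OUTSIDE_MAP 20 set peer 192.0.2.77
crypto map OUTSIDE_MAP interface outside
"""

PEER_RE = re.compile(r"^\s*crypto map (\S+) (\d+) set peer (.+)$", re.I)
ROUTE_RE = re.compile(
    r"^\s*route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)(?: (\d+))?(?: track (\d+))?\s*$",
    re.I)

def crypto_map_peers(config_text):
    """Map (map_name, seq) -> peers in configured order (first is primary)."""
    peers = {}
    for line in config_text.splitlines():
        m = PEER_RE.match(line)
        if m:
            key = (m.group(1), int(m.group(2)))
            peers.setdefault(key, []).extend(m.group(3).split())
    return peers

def entries_without_backup_peer(config_text):
    """Crypto map entries that name fewer than two distinct peers."""
    found = crypto_map_peers(config_text)
    return sorted(k for k, v in found.items() if len(set(v)) < 2)

def has_redundant_default_route(config_text):
    """True if a tracked default route has a higher-metric, untracked
    fallback default route on a different interface."""
    routes = []
    for line in config_text.splitlines():
        m = ROUTE_RE.match(line)
        if m:  # metric defaults to 1 when omitted
            routes.append((m.group(1), int(m.group(3) or 1), m.group(4)))
    tracked = [r for r in routes if r[2]]
    return any(b[0] != t[0] and b[1] > t[1] and not b[2]
               for t in tracked for b in routes)

if __name__ == "__main__":
    print("single-peer entries:", entries_without_backup_peer(SAMPLE_CONFIG))
    print("redundant default route:", has_redundant_default_route(SAMPLE_CONFIG))
```
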