Solved

Cisco ASA - backup VPN connection failover

Posted on 2011-03-07
Last Modified: 2012-06-27
A customer has an existing Cisco ASA (ASA1) providing primary Internet and remote site VPN connectivity. One of the site-to-site VPN connections (Site X) is critical to the organization, so they need to implement a backup/failover VPN to Site X using a 2nd ASA (ASA2) connected to another ISP.  Both ASAs are in-place (ASA2 currently only handling an incoming remote VPN connection).

We need to somehow configure failover for the Site X VPN - if ASA1 (or its ISP connection) fails, we need the traffic destined for Site X to automatically fail over to the Site X VPN through ASA2/ISP2. We don't care about load-balancing at this point, just failover for VPN connectivity.

Thanks, and as always, reference docs/links are appreciated!
Question by:cfan73

Accepted Solution

by:
MikeKane earned 500 total points
ID: 35070182
For the remote site, I think you need 2 things.

First, you need to make sure you've set up the redundant ISP config on the ASA.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
With that, if the primary ISP fails, the 2nd ISP becomes active as the default gateway.  

Second, in the VPN config at the remote site, you need to add the 2nd ASA IP as the 2nd peer address.  

You probably have a "CRYPTO MAP <name> SET PEER x.x.x.x" setup in the VPN section. You just add the 2nd IP inline: "CRYPTO MAP <name> SET PEER x.x.x.x y.y.y.y"
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c5_72.html#wp2066090
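
An added example, not part of the original answer or Cisco's documentation: a small Python check over a saved Site X running-config that lists the peers on each `crypto map ... set peer` line in the order given and flags any peer with no matching `tunnel-group <peer> type ipsec-l2l` line. The sample config, the map name `outside_map`, the ACL names and the addresses are constructed placeholders, and the check assumes pre-shared-key L2L tunnels where each peer address has its own tunnel-group.

```python
import re

# Constructed sample of a Site X running-config. Addresses are documentation
# ranges; "outside_map" and the ACL names are placeholders, not from the post.
SAMPLE_CONFIG = """\
crypto map outside_map 10 match address SITEX_TO_HQ
crypto map outside_map 10 set peer 198.51.100.1 203.0.113.1
crypto map outside_map 20 match address OTHER_SITE
crypto map outside_map 20 set peer 192.0.2.77
crypto map outside_map interface outside
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key *
tunnel-group 192.0.2.77 type ipsec-l2l
tunnel-group 192.0.2.77 ipsec-attributes
 pre-shared-key *
"""

PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (.+)$")
TG_RE = re.compile(r"^tunnel-group (\S+) type ipsec-l2l$")


def audit_backup_peers(config_text):
    """Return one dict per crypto map entry: its peers in the order listed,
    whether a backup peer exists, and peers lacking an L2L tunnel-group."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    tunnel_groups = {m.group(1) for ln in lines if (m := TG_RE.match(ln))}
    report = []
    for ln in lines:
        m = PEER_RE.match(ln)
        if not m:
            continue  # not a "set peer" line (match address, interface, ...)
        peers = m.group(3).split()
        report.append({
            "map": m.group(1),
            "seq": int(m.group(2)),
            "peers": peers,
            "has_backup": len(peers) > 1,
            "missing_tunnel_group": [p for p in peers if p not in tunnel_groups],
        })
    return report


if __name__ == "__main__":
    for entry in audit_backup_peers(SAMPLE_CONFIG):
        print(entry)
```

In the constructed sample, entry 10 has a second peer added inline as the answer describes, but the report flags `203.0.113.1` because no tunnel-group was created for it.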