Solved

Cisco ASA - backup VPN connection failover

Posted on 2011-03-07
1
2,048 Views
Last Modified: 2012-06-27
A customer has an existing Cisco ASA (ASA1) providing primary Internet and remote site VPN connectivity. One of the site-to-site VPN connections (Site X) is critical to the organization, so they need to implement a backup/failover VPN to Site X using a 2nd ASA (ASA2) connected to another ISP.  Both ASAs are in-place (ASA2 currently only handling an incoming remote VPN connection).

We need to somehow configure failover for the Site X VPN - if ASA1 (or its ISP connection) fails, we need the traffic destined for Site X to automatically failover to the Site X VPN through ASA2/ISP2. We don't care about load-balancing at this point, just failover for VPN connectivity.

Thanks, and as always, reference docs/links are appreciated!
0
Comment
Question by:cfan73
1 Comment
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 35070182
For the remote site, I think you need 2 things.

First, you need to make sure you've setup the redundant ISP config on the ASA.  
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
With that, if the primary ISP fails, the 2nd ISP becomes active as the default gateway.  

Second, in the VPN config at the remote site, you need to add the 2nd ASA IP as the 2nd peer address.  

You probably have a "CRYPTO MAP <name >  SET PEER x.x.x.x" setup in the VPN section.     You just add the 2nd IP inline.  "CRYPTO MAP <name> SET PEER x.x.x.x y.y.y.y"
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/c5_72.html#wp2066090
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Gateway Resilience 4 49
OpenVPN Access Server in EC2 Connectivity Issues 1 33
Some help with Network Design 4 29
Cisco 1811W VLAN configuration problem 3 14
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now