Dual Routers, Dual/Different ISPs and Two ASA one attached to each ISP

We have dual routers attached to two different ISPs.  We also have two ASAs 5520 and 5510 behind each router.  We want to implement BGP for failover and redundancy.  We have L2L VPN's on both ASAs. How will BGP affect the secondary circuit that has the alternate ASA attached to it? In other words will the L2L VPN still be available on the secondary circuit after we have implemented BGP?  
Dr. Gregory Gleghorn, CISSP, CCNP-RS, CCNP-SecurityDirector of IT Infrastructure and SupportAsked:
Who is Participating?
 
MikeKaneConnect With a Mentor Commented:
Ah, now I understand the setup.    The BGP will not affect the L2L VPN since you have the preferences set.    When the SSI LAN initiates the outbound traffic, it will follow the BGP routing patch as needed.        IF an external client initiates the VPN traffic (I assume they have the failover peers setup on the customer end), then the client tries the 1st peer IP, then the 2nd in the event of an outage.      

Now, this is me talking through a forum without 100% understanding of the network, so check BGP and test the circuit with a simulated outage.   But I think that's all you need here.  

0
 
John MeggersNetwork ArchitectCommented:
I don't know about anybody else here, but I need a diagram to understand what you're trying to accomplish!
0
 
MikeKaneCommented:
I'm confused also....    

If these 2 Circuits and ASAs are at different locations with no back end connectivity, then why use BGP?    The ASA's VPN crypto map match will catch the interesting traffic, encapsulate, and send across the VPN tunnel to the 2nd site.       ????    

0
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

 
Dr. Gregory Gleghorn, CISSP, CCNP-RS, CCNP-SecurityDirector of IT Infrastructure and SupportAuthor Commented:
Here is a diagram of what I am referring too.  Dual Router Two ISPs and 2 ASAs with L2L VPN
0
 
MikeKaneCommented:
That diagram doesn't help me much....    ARe the green and pink clouds ISPs?   I'm not sure how the L2L fit into this scenario since the networks seem to be connected between R1 and R2.    Where are the workstations?    ARe you trying to just get redundant outbound connectivity?  
0
 
Dr. Gregory Gleghorn, CISSP, CCNP-RS, CCNP-SecurityDirector of IT Infrastructure and SupportAuthor Commented:
The diagram above is multi-homed we have in our infrastructure two different ISPs Time Warner and Paetec.  Time Warner will be the preferred circuit when BGP is configured.  Paetec will be the failover circuit in the event that Time Warner becomes unavailable.  

What I am asking you is since we have site to site VPNs on both circuits will the BGP configuration affect the site to site VPN on the Paetec/Failover circuit?  Or do we simply need a static route on the Paetec ASA pointing to Outer Router 2?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.