[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 430
  • Last Modified:

Failover internet connection - but with a VPN?


Here's the situation - we have our main office and then a remote office.  Cisco ASA at both ends.  There is also a VPN tunnel between the two facilities.
We frequently have internet connection issues at the remote office, meaning we lose connection entirely to them.

What would be involved in getting a device that could failover to a second connection, perhaps a DSL connection, automatically.

What makes it complicated (i would think) is the fact there's a VPN tunnel between the facilities.

What would my options be?
3 Solutions
SteveNetwork ManagerCommented:
depends on your budget :)

HSRP is a great option, where you run multiple routers and if one link goes down it automatically fails over the second router with the extra connection (DSL)?.. because your ASA is behind your router it would still work, as the destination hasnt changed (if its the originating device).. have a watch of this video to see whether it suits you..

An alternaitve option would be to have the L2L VPN setup as a Network Extension Mode remote access VPN. Then, use SLA monitoring on the remote ASA to determine if the internet connection fails over and change the default route. The VPN would have to be initiated by traffic at the remote end, but the remote users would then be able to connect if the primary link failed.

Review the following for config of the VPN

Review the following for SLA Monitoring.

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now