Solved

Cisco ASA - configure backup L2L tunnels on backup Internet link

Posted on 2016-11-07
3
49 Views
Last Modified: 2016-11-14
We have a core network that has L2L tunnels with several spokes. Several spokes are 8.4 or higher and one spoke is 8.2.5.

The core has a backup Internet link -- let's call it Backup. Goal is to maintain L2L tunnels to the spokes if the primary internet on the core goes down.

On the core side, I've configured NAT to the (inside,Backup), and an access list to allow Backup_access_in.

On the spoke side, I've configured additional tunnel groups to the Backup on the Core. What else is required? Additional crypto maps?
0
Comment
Question by:d4nnyo
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
max_the_king earned 500 total points
ID: 41878326
Hi,
yes, on the spokes you need to add crypto map as well, not only tunnel groups.
Please note that you can add the backup public IP into each crypto map that already exists for the main site.
For example, on each spoke:
old crypto map:
crypto map outside_map 20 set peer 1.2.3.4
new crypto map:
crypto map outside_map 20 set peer 1.2.3.4 5.6.7.8

hope this helps
max
0
 
LVL 1

Author Comment

by:d4nnyo
ID: 41879303
Thanks. Is it better to re-creat existing crypto maps? Or add new ones?
0
 
LVL 16

Expert Comment

by:max_the_king
ID: 41879306
It must be The same crypto map. You may as well update the existing one.
max
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question