Cisco ASA - configure backup L2L tunnels on backup Internet link

We have a core network that has L2L tunnels with several spokes. Several spokes are 8.4 or higher and one spoke is 8.2.5.

The core has a backup Internet link -- let's call it Backup. Goal is to maintain L2L tunnels to the spokes if the primary internet on the core goes down.

On the core side, I've configured NAT to the (inside,Backup), and an access list to allow Backup_access_in.

On the spoke side, I've configured additional tunnel groups to the Backup on the Core. What else is required? Additional crypto maps?
LVL 1
d4nnyoAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
max_the_kingConnect With a Mentor Commented:
Hi,
yes, on the spokes you need to add crypto map as well, not only tunnel groups.
Please note that you can add the backup public IP into each crypto map that already exists for the main site.
For example, on each spoke:
old crypto map:
crypto map outside_map 20 set peer 1.2.3.4
new crypto map:
crypto map outside_map 20 set peer 1.2.3.4 5.6.7.8

hope this helps
max
0
 
d4nnyoAuthor Commented:
Thanks. Is it better to re-creat existing crypto maps? Or add new ones?
0
 
max_the_kingCommented:
It must be The same crypto map. You may as well update the existing one.
max
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.