[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 82
  • Last Modified:

Cisco ASA - configure backup L2L tunnels on backup Internet link

We have a core network that has L2L tunnels with several spokes. Several spokes are 8.4 or higher and one spoke is 8.2.5.

The core has a backup Internet link -- let's call it Backup. Goal is to maintain L2L tunnels to the spokes if the primary internet on the core goes down.

On the core side, I've configured NAT to the (inside,Backup), and an access list to allow Backup_access_in.

On the spoke side, I've configured additional tunnel groups to the Backup on the Core. What else is required? Additional crypto maps?
0
d4nnyo
Asked:
d4nnyo
  • 2
1 Solution
 
max_the_kingCommented:
Hi,
yes, on the spokes you need to add crypto map as well, not only tunnel groups.
Please note that you can add the backup public IP into each crypto map that already exists for the main site.
For example, on each spoke:
old crypto map:
crypto map outside_map 20 set peer 1.2.3.4
new crypto map:
crypto map outside_map 20 set peer 1.2.3.4 5.6.7.8

hope this helps
max
0
 
d4nnyoAuthor Commented:
Thanks. Is it better to re-creat existing crypto maps? Or add new ones?
0
 
max_the_kingCommented:
It must be The same crypto map. You may as well update the existing one.
max
0

Featured Post

Shaping tomorrow’s technology leaders, today

The leading technology companies all recognize the growing need for gender diversity. Through its Women in IT scholarship program, WGU is working to reverse this trend by empowering more women to earn IT degrees and become tomorrow’s tech-industry leaders.  

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now