[c-nsp] Route or Tunnel?
Phil Bedard
philxor at gmail.com
Fri Jul 21 12:31:07 EDT 2006
I would think you'd need to use two different interfaces since the crypto
map is defined on the actual interface and the traffic would obviously have
the same source/destination IPs. It would be easier with IPSEC Tunnel
interfaces, just higher metric static route would be needed, but you have an
ASA.
I guess my question is what is the backup tunnel going to fix if those
routes aren't reachable via OSPF and the tunnel traverses the same T1?
What failure condition have you seen that this would solve the problem?
Phil
On 7/20/06, Vijay Ramcharan <vramcharan at totality.com> wrote:
>
> Hi all,
>
> Is it possible to have a Cisco ASA 5510 only use a locally configured
> LAN to LAN tunnel (existing on the ASA itself) if it loses a dynamic
> route learnt via OSPF from a neighboring router. The neighboring router
> has a point-to-point circuit to the same remote site as the ASA's L2L
> tunnel.
>
> Here's the setup:
>
> [branch office] -> [ASA] -> [Router]- - -T1- -> Main office
>
> The L2L tunnel on the ASA goes to a VPN concentrator at the Main office.
> The L2L tunnel to the Main office is configured on the ASA but should
> only be used if the dynamic route from the router goes away.
>
> Thanks
>
> Vijay Ramcharan
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list