[c-nsp] ASA IPsec Tunnel Failover
Ryan West
rwest at zyedge.com
Tue Jul 14 02:22:53 EDT 2009
Jeff,
Give this a shot:
http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/ike.html#wp1121157
You can enable multiple peers inside a single crypto map.
-ryan
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Prabhu Gurumurthy
Sent: Monday, July 13, 2009 4:34 PM
To: Munoz, Jeff
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASA IPsec Tunnel Failover
Answer is: BGP
On Jul 13, 2009, at 1:14 PM, Munoz, Jeff wrote:
> Hey guys, I have two main sites (site A and site B) and one remote
> site (site C). Sites A and B have a metroethernet connection
> between them. Remote site C has an IPsec tunnel back to site A.
> I'd like to setup failover so in case site A's ASA is down the
> remote site C ASA sends the interesting traffic down the site B
> IPsec tunnel. Unfortunately, it will always match the tunnel to
> site A since the phase 2 access lists have the same source/
> destinations. Any ideas on how I can do this?
>
> Thanks!
>
> Jeff
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list