[c-nsp] ASA IPsec Tunnel Failover

Nick Griffin nick.jon.griffin at gmail.com
Tue Jul 14 14:21:05 EDT 2009


Do you have any routers/layer 3 devices on the inside of the firewalls, the
weighted GRE tunnels always work well for this.

On Mon, Jul 13, 2009 at 3:14 PM, Munoz, Jeff <Jeff.Munoz at swinc.com> wrote:

> Hey guys, I have two main sites (site A and site B) and one remote site
> (site C).  Sites A and B have a metroethernet connection between them.
>  Remote site C has an IPsec tunnel back to site A.  I'd like to setup
> failover so in case site A's ASA is down the remote site C ASA sends the
> interesting traffic down the site B IPsec tunnel.  Unfortunately, it will
> always match the tunnel to site A since the phase 2 access lists have the
> same source/destinations.  Any ideas on how I can do this?
>
> Thanks!
>
> Jeff
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list