Thursday, August 27, 2015

Cisco ASA: Configuring Redundant VPN Configuration On The Remote End

I have a customer for whom voice services are a high priority. They are a hosted customer of ours, and the customer asked me about VPN failover. They have two ISPs at their site. I have two locations for my hosted voice, but for this scenario we want them to reach one site in particular. So on the Cisco ASA that I'm using at this point for VPN connections, I'm going to configure two tunnel groups: one for the ISP 1 IP address and one for the ISP 2 IP address. It's the normal VPN config on the ASA with one exception. The exception is below. See line two. It has two IP addresses in that command instead of only one. The first is the primary. The second is the secondary. It's a pretty easy setup. In fact, most of the work is done on the remote end of the VPN.

crypto map outside_map 110 match address 190
crypto map outside_map 110 set peer 
crypto map outside_map 110 set ikev1 transform-set ESP-3DES-MD5
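
For reference, a fuller sketch of the ASA side described above, with the two tunnel groups next to the crypto map entry. This is an added example, not the configuration from the original post: the peer addresses (RFC 5737 documentation ranges), the subnets in ACL 190, and the pre-shared key are placeholders, and it assumes an IKEv1 policy is already defined and enabled on the outside interface.

```cisco
! Added example. All addresses, subnets and keys below are placeholders.
! 192.0.2.10    = customer's ISP 1 address (primary peer)
! 198.51.100.10 = customer's ISP 2 address (secondary peer)

! Interesting traffic: hosted voice subnet to customer LAN (placeholder subnets)
access-list 190 extended permit ip 10.10.0.0 255.255.0.0 192.168.50.0 255.255.255.0

! Transform set named in the post. 3DES and MD5 are legacy algorithms;
! where both ends support it, an AES/SHA set is defined the same way, e.g.
!   crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

! One crypto map entry, two peers: the first is primary, the second is secondary
crypto map outside_map 110 match address 190
crypto map outside_map 110 set peer 192.0.2.10 198.51.100.10
crypto map outside_map 110 set ikev1 transform-set ESP-3DES-MD5
crypto map outside_map interface outside

! One LAN-to-LAN tunnel group per remote address, so the ASA can
! authenticate the customer no matter which ISP the tunnel comes from
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 ipsec-attributes
 ikev1 pre-shared-key <PLACEHOLDER-KEY>

tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <PLACEHOLDER-KEY>
```

After a failover test, `show crypto isakmp sa` and `show crypto ipsec sa` show which of the two peers currently holds the tunnel.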

